Harden more profiles

author: Tad <tad@spotco.us> 2017-04-17 17:11:24 -0400
committer: Tad <tad@spotco.us> 2017-04-17 17:11:24 -0400
commit: 4f238b75de05d91f200305335da1f019810ac149 (patch)
tree: 40f021c8d9e7bb70f7bd0a868d571286fa438420
parent: Merge pull request #1229 from SpotComms/firecfg2 (diff)
download: firejail-4f238b75de05d91f200305335da1f019810ac149.tar.gz
firejail-4f238b75de05d91f200305335da1f019810ac149.tar.zst
firejail-4f238b75de05d91f200305335da1f019810ac149.zip
27 files changed, 48 insertions, 4 deletions
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 7ea55f505..fe08de40e 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/bless.profile b/etc/bless.profile
index 869f13cc0..f4b5c2e2f 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 995c0001b..071c8a18a 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
-#
-netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
 whitelist ~/.config/chromium-flags.conf
 include /etc/firejail/whitelist-common.inc
+ipc-namespace
+netfilter
+nogroups
+shell none
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/dino.profile b/etc/dino.profile
index 3de858618..5f587ef8a 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -16,6 +16,7 @@ whitelist ${HOME}/.local/share/dino
 include /etc/firejail/whitelist-common.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/eog.profile b/etc/eog.profile
index 7c2cd557c..32ceebb1d 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/evince.profile b/etc/evince.profile
index ae50425b9..508a0d1a5 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 #net none - creates some problems on some distributions
 no3d
diff --git a/etc/evolution.profile b/etc/evolution.profile
index 04bf480ff..6fe58cbf9 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -20,6 +20,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index a3f687651..6bc74c79d 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 4d96c05c8..0013062a5 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -16,7 +16,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 caps.drop all
+ipc-namespace
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 07bdb1bbe..2c429c808 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 net none
 no3d
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 5f8ccb4fb..59d88e9ec 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 net none
 nogroups
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index e9366f07d..28f0d646c 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 #net none                                     
 no3d
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index d24f492d8..18cbcea5c 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 6ff618187..61841e2c5 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index e84118b9e..d6d2cdd73 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 12a7646ae..4b561405b 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs
diff --git a/etc/mumble.profile b/etc/mumble.profile
index c5c6a4d1a..19d7a131a 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -17,6 +17,7 @@ whitelist ${HOME}/.local/share/data/Mumble
 include /etc/firejail/whitelist-common.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nonewprivs
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index dfe463c98..db8aacaa5 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d
diff --git a/etc/pithos.profile b/etc/pithos.profile
index c25b5772b..f599283fb 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/polari.profile b/etc/polari.profile
index 834a8b3d6..db5fc9487 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -23,7 +23,18 @@ include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 425841399..f9750972f 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/steam.profile b/etc/steam.profile
index 536588e4b..eef91a0d5 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs
diff --git a/etc/totem.profile b/etc/totem.profile
index fadfbb00b..d280296f0 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 21282dfbd..5d759ffd4 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 # nogroups
 nonewprivs
diff --git a/etc/wget.profile b/etc/wget.profile
index 3ba97d95d..52c8b68a1 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index dc224b31c..45ccfb89a 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc
 #noroot 
 #protocol unix,inet,inet6,netlink
+ipc-namespace
 netfilter
 no3d
 nogroups
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index 6bfb26484..0bf372fc6 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs
author	Tad <tad@spotco.us>	2017-04-17 17:11:24 -0400
committer	Tad <tad@spotco.us>	2017-04-17 17:11:24 -0400
commit	4f238b75de05d91f200305335da1f019810ac149 (patch)
tree	40f021c8d9e7bb70f7bd0a868d571286fa438420
parent	Merge pull request #1229 from SpotComms/firecfg2 (diff)
download	firejail-4f238b75de05d91f200305335da1f019810ac149.tar.gz firejail-4f238b75de05d91f200305335da1f019810ac149.tar.zst firejail-4f238b75de05d91f200305335da1f019810ac149.zip

diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 7ea55f505..fe08de40e 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
9	include /etc/firejail/disable-passwdmgr.inc	9	include /etc/firejail/disable-passwdmgr.inc
10		10
11	caps.drop all	11	caps.drop all
		12	ipc-namespace
12	net none	13	net none
13	netfilter	14	netfilter
14	no3d	15	no3d


diff --git a/etc/bless.profile b/etc/bless.profile index 869f13cc0..f4b5c2e2f 100644 --- a/etc/bless.profile +++ b/etc/bless.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
17		17
18	#Options	18	#Options
19	caps.drop all	19	caps.drop all
		20	ipc-namespace
20	net none	21	net none
21	netfilter	22	netfilter
22	no3d	23	no3d


diff --git a/etc/chromium.profile b/etc/chromium.profile index 995c0001b..071c8a18a 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
8	noblacklist ~/.pki	8	noblacklist ~/.pki
9	include /etc/firejail/disable-common.inc	9	include /etc/firejail/disable-common.inc
10	include /etc/firejail/disable-programs.inc	10	include /etc/firejail/disable-programs.inc
11
12	# chromium is distributed with a perl script on Arch	11	# chromium is distributed with a perl script on Arch
13	# include /etc/firejail/disable-devel.inc	12	# include /etc/firejail/disable-devel.inc
14	#
15
16	netfilter
17		13
18	whitelist ${DOWNLOADS}	14	whitelist ${DOWNLOADS}
19	mkdir ~/.config/chromium	15	mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
27	whitelist ~/.config/chromium-flags.conf	23	whitelist ~/.config/chromium-flags.conf
28		24
29	include /etc/firejail/whitelist-common.inc	25	include /etc/firejail/whitelist-common.inc
		26
		27	ipc-namespace
		28	netfilter
		29	nogroups
		30	shell none
		31
		32	private-dev
		33	private-tmp
		34
		35	noexec ${HOME}
		36	noexec /tmp


diff --git a/etc/dino.profile b/etc/dino.profile index 3de858618..5f587ef8a 100644 --- a/etc/dino.profile +++ b/etc/dino.profile
@@ -16,6 +16,7 @@ whitelist ${HOME}/.local/share/dino
16	include /etc/firejail/whitelist-common.inc	16	include /etc/firejail/whitelist-common.inc
17		17
18	caps.drop all	18	caps.drop all
		19	ipc-namespace
19	netfilter	20	netfilter
20	no3d	21	no3d
21	nogroups	22	nogroups


diff --git a/etc/eog.profile b/etc/eog.profile index 7c2cd557c..32ceebb1d 100644 --- a/etc/eog.profile +++ b/etc/eog.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12		12
13	caps.drop all	13	caps.drop all
		14	ipc-namespace
14	net none	15	net none
15	netfilter	16	netfilter
16	no3d	17	no3d


diff --git a/etc/evince.profile b/etc/evince.profile index ae50425b9..508a0d1a5 100644 --- a/etc/evince.profile +++ b/etc/evince.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12		12
13	caps.drop all	13	caps.drop all
		14	ipc-namespace
14	netfilter	15	netfilter
15	#net none - creates some problems on some distributions	16	#net none - creates some problems on some distributions
16	no3d	17	no3d


diff --git a/etc/evolution.profile b/etc/evolution.profile index 04bf480ff..6fe58cbf9 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile
@@ -20,6 +20,7 @@ include /etc/firejail/disable-devel.inc
20	include /etc/firejail/disable-passwdmgr.inc	20	include /etc/firejail/disable-passwdmgr.inc
21		21
22	caps.drop all	22	caps.drop all
		23	ipc-namespace
23	netfilter	24	netfilter
24	no3d	25	no3d
25	nogroups	26	nogroups


diff --git a/etc/file-roller.profile b/etc/file-roller.profile index a3f687651..6bc74c79d 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
9	include /etc/firejail/disable-passwdmgr.inc	9	include /etc/firejail/disable-passwdmgr.inc
10		10
11	caps.drop all	11	caps.drop all
		12	ipc-namespace
12	net none	13	net none
13	netfilter	14	netfilter
14	no3d	15	no3d


diff --git a/etc/firefox.profile b/etc/firefox.profile index 4d96c05c8..0013062a5 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -16,7 +16,9 @@ include /etc/firejail/disable-programs.inc
16	include /etc/firejail/disable-devel.inc	16	include /etc/firejail/disable-devel.inc
17		17
18	caps.drop all	18	caps.drop all
		19	ipc-namespace
19	netfilter	20	netfilter
		21	nogroups
20	nonewprivs	22	nonewprivs
21	noroot	23	noroot
22	protocol unix,inet,inet6,netlink	24	protocol unix,inet,inet6,netlink


diff --git a/etc/gedit.profile b/etc/gedit.profile index 07bdb1bbe..2c429c808 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc
14	include /etc/firejail/disable-passwdmgr.inc	14	include /etc/firejail/disable-passwdmgr.inc
15		15
16	caps.drop all	16	caps.drop all
		17	ipc-namespace
17	netfilter	18	netfilter
18	net none	19	net none
19	no3d	20	no3d


diff --git a/etc/gimp.profile b/etc/gimp.profile index 5f8ccb4fb..59d88e9ec 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
9	include /etc/firejail/disable-passwdmgr.inc	9	include /etc/firejail/disable-passwdmgr.inc
10		10
11	caps.drop all	11	caps.drop all
		12	ipc-namespace
12	netfilter	13	netfilter
13	net none	14	net none
14	nogroups	15	nogroups


diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index e9366f07d..28f0d646c 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
16		16
17	#Options	17	#Options
18	caps.drop all	18	caps.drop all
		19	ipc-namespace
19	netfilter	20	netfilter
20	#net none	21	#net none
21	no3d	22	no3d


diff --git a/etc/hexchat.profile b/etc/hexchat.profile index d24f492d8..18cbcea5c 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
12	include /etc/firejail/disable-devel.inc	12	include /etc/firejail/disable-devel.inc
13		13
14	caps.drop all	14	caps.drop all
		15	ipc-namespace
15	netfilter	16	netfilter
16	no3d	17	no3d
17	nogroups	18	nogroups


diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 6ff618187..61841e2c5 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc
16		16
17	#Options	17	#Options
18	caps.drop all	18	caps.drop all
		19	ipc-namespace
19	net none	20	net none
20	netfilter	21	netfilter
21	no3d	22	no3d


diff --git a/etc/lollypop.profile b/etc/lollypop.profile index e84118b9e..d6d2cdd73 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
17		17
18	#Options	18	#Options
19	caps.drop all	19	caps.drop all
		20	ipc-namespace
20	netfilter	21	netfilter
21	no3d	22	no3d
22	nogroups	23	nogroups


diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 12a7646ae..4b561405b 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile
@@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc
25		25
26	#Options	26	#Options
27	caps.drop all	27	caps.drop all
		28	ipc-namespace
28	netfilter	29	netfilter
29	nogroups	30	nogroups
30	nonewprivs	31	nonewprivs


diff --git a/etc/mumble.profile b/etc/mumble.profile index c5c6a4d1a..19d7a131a 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile
@@ -17,6 +17,7 @@ whitelist ${HOME}/.local/share/data/Mumble
17	include /etc/firejail/whitelist-common.inc	17	include /etc/firejail/whitelist-common.inc
18		18
19	caps.drop all	19	caps.drop all
		20	ipc-namespace
20	netfilter	21	netfilter
21	no3d	22	no3d
22	nonewprivs	23	nonewprivs


diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index dfe463c98..db8aacaa5 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
14		14
15	#Options	15	#Options
16	caps.drop all	16	caps.drop all
		17	ipc-namespace
17	net none	18	net none
18	netfilter	19	netfilter
19	no3d	20	no3d


diff --git a/etc/pithos.profile b/etc/pithos.profile index c25b5772b..f599283fb 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
16		16
17	#Options	17	#Options
18	caps.drop all	18	caps.drop all
		19	ipc-namespace
19	netfilter	20	netfilter
20	no3d	21	no3d
21	nogroups	22	nogroups


diff --git a/etc/polari.profile b/etc/polari.profile index 834a8b3d6..db5fc9487 100644 --- a/etc/polari.profile +++ b/etc/polari.profile
@@ -23,7 +23,18 @@ include /etc/firejail/whitelist-common.inc
23		23
24	caps.drop all	24	caps.drop all
25	netfilter	25	netfilter
		26	no3d
		27	nogroups
26	nonewprivs	28	nonewprivs
27	noroot	29	noroot
		30	nosound
28	protocol unix,inet,inet6	31	protocol unix,inet,inet6
29	seccomp	32	seccomp
		33	shell none
		34	tracelog
		35
		36	private-dev
		37	private-tmp
		38
		39	noexec ${HOME}
		40	noexec /tmp


diff --git a/etc/ssh.profile b/etc/ssh.profile index 425841399..f9750972f 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
13	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
14		14
15	caps.drop all	15	caps.drop all
		16	ipc-namespace
16	netfilter	17	netfilter
17	no3d	18	no3d
18	nogroups	19	nogroups


diff --git a/etc/steam.profile b/etc/steam.profile index 536588e4b..eef91a0d5 100644 --- a/etc/steam.profile +++ b/etc/steam.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12		12
13	caps.drop all	13	caps.drop all
		14	ipc-namespace
14	netfilter	15	netfilter
15	nogroups	16	nogroups
16	nonewprivs	17	nonewprivs


diff --git a/etc/totem.profile b/etc/totem.profile index fadfbb00b..d280296f0 100644 --- a/etc/totem.profile +++ b/etc/totem.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13		13
14	caps.drop all	14	caps.drop all
		15	ipc-namespace
15	netfilter	16	netfilter
16	nogroups	17	nogroups
17	nonewprivs	18	nonewprivs


diff --git a/etc/vlc.profile b/etc/vlc.profile index 21282dfbd..5d759ffd4 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12		12
13	caps.drop all	13	caps.drop all
		14	ipc-namespace
14	netfilter	15	netfilter
15	# nogroups	16	# nogroups
16	nonewprivs	17	nonewprivs


diff --git a/etc/wget.profile b/etc/wget.profile index 3ba97d95d..52c8b68a1 100644 --- a/etc/wget.profile +++ b/etc/wget.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
9	include /etc/firejail/disable-passwdmgr.inc	9	include /etc/firejail/disable-passwdmgr.inc
10		10
11	caps.drop all	11	caps.drop all
		12	ipc-namespace
12	netfilter	13	netfilter
13	no3d	14	no3d
14	nogroups	15	nogroups


diff --git a/etc/wireshark.profile b/etc/wireshark.profile index dc224b31c..45ccfb89a 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc
17	#noroot	17	#noroot
18	#protocol unix,inet,inet6,netlink	18	#protocol unix,inet,inet6,netlink
19		19
		20	ipc-namespace
20	netfilter	21	netfilter
21	no3d	22	no3d
22	nogroups	23	nogroups


diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 6bfb26484..0bf372fc6 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc
22		22
23	#Options	23	#Options
24	caps.drop all	24	caps.drop all
		25	ipc-namespace
25	netfilter	26	netfilter
26	nogroups	27	nogroups
27	nonewprivs	28	nonewprivs