diff options
| author |  Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-02-03 13:18:07 +0100 |
|---|---|---|
| committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-02-03 13:18:07 +0100 |
| commit | 63c35052b7e76f40591f709571e19fbcb7cd8f48 (patch) | |
| tree | fe5819efcbba2f637f3c75933a1cd829f6869823 | |
| parent | relnotes (diff) | |
| download | firejail-63c35052b7e76f40591f709571e19fbcb7cd8f48.tar.gz firejail-63c35052b7e76f40591f709571e19fbcb7cd8f48.tar.zst firejail-63c35052b7e76f40591f709571e19fbcb7cd8f48.zip | |
Add '$HOME/.local/share/pki' to blacklist
Since nss 3.42, '$HOME/.local/share/pki' is supported dir for storing certs
https://hg.mozilla.org/projects/nss/rev/da45424cb9a0b4d8e45e5040e2e3b574d994e254
| -rw-r--r-- | etc-fixes/0.9.52/firefox.profile | 3 | ||||
| -rw-r--r-- | etc/chromium-common.profile | 3 | ||||
| -rw-r--r-- | etc/disable-common.inc | 1 | ||||
| -rw-r--r-- | etc/evolution.profile | 1 | ||||
| -rw-r--r-- | etc/firefox-common.profile | 3 | ||||
| -rw-r--r-- | etc/franz.profile | 3 | ||||
| -rw-r--r-- | etc/mendeleydesktop.profile | 3 | ||||
| -rw-r--r-- | etc/midori.profile | 3 | ||||
| -rw-r--r-- | etc/min.profile | 3 | ||||
| -rw-r--r-- | etc/rambox.profile | 3 | ||||
| -rw-r--r-- | etc/seamonkey.profile | 2 |
11 files changed, 27 insertions, 1 deletions
diff --git a/etc-fixes/0.9.52/firefox.profile b/etc-fixes/0.9.52/firefox.profile index 6b19b14df..e3efada2c 100644 --- a/etc-fixes/0.9.52/firefox.profile +++ b/etc-fixes/0.9.52/firefox.profile | |||
| @@ -24,6 +24,7 @@ noblacklist ${HOME}/.local/share/okular | |||
| 24 | noblacklist ${HOME}/.local/share/qpdfview | 24 | noblacklist ${HOME}/.local/share/qpdfview |
| 25 | noblacklist ${HOME}/.mozilla | 25 | noblacklist ${HOME}/.mozilla |
| 26 | noblacklist ${HOME}/.pki | 26 | noblacklist ${HOME}/.pki |
| 27 | noblacklist ${HOME}/.local/share/pki | ||
| 27 | 28 | ||
| 28 | include /etc/firejail/disable-common.inc | 29 | include /etc/firejail/disable-common.inc |
| 29 | include /etc/firejail/disable-devel.inc | 30 | include /etc/firejail/disable-devel.inc |
| @@ -32,6 +33,7 @@ include /etc/firejail/disable-programs.inc | |||
| 32 | mkdir ${HOME}/.cache/mozilla/firefox | 33 | mkdir ${HOME}/.cache/mozilla/firefox |
| 33 | mkdir ${HOME}/.mozilla | 34 | mkdir ${HOME}/.mozilla |
| 34 | mkdir ${HOME}/.pki | 35 | mkdir ${HOME}/.pki |
| 36 | mkdir ${HOME}/.local/share/pki | ||
| 35 | whitelist ${DOWNLOADS} | 37 | whitelist ${DOWNLOADS} |
| 36 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 38 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
| 37 | whitelist ${HOME}/.cache/mozilla/firefox | 39 | whitelist ${HOME}/.cache/mozilla/firefox |
| @@ -60,6 +62,7 @@ whitelist ${HOME}/.mozilla | |||
| 60 | whitelist ${HOME}/.pentadactyl | 62 | whitelist ${HOME}/.pentadactyl |
| 61 | whitelist ${HOME}/.pentadactylrc | 63 | whitelist ${HOME}/.pentadactylrc |
| 62 | whitelist ${HOME}/.pki | 64 | whitelist ${HOME}/.pki |
| 65 | whitelist ${HOME}/.local/share/pki | ||
| 63 | whitelist ${HOME}/.vimperator | 66 | whitelist ${HOME}/.vimperator |
| 64 | whitelist ${HOME}/.vimperatorrc | 67 | whitelist ${HOME}/.vimperatorrc |
| 65 | whitelist ${HOME}/.wine-pipelight | 68 | whitelist ${HOME}/.wine-pipelight |
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index 7d8bc15ba..a182e5d20 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
| @@ -7,6 +7,7 @@ include chromium-common.local | |||
| 7 | #include globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
| 10 | noblacklist ${HOME}/.local/share/pki | ||
| 10 | 11 | ||
| 11 | include disable-common.inc | 12 | include disable-common.inc |
| 12 | include disable-devel.inc | 13 | include disable-devel.inc |
| @@ -14,8 +15,10 @@ include disable-interpreters.inc | |||
| 14 | include disable-programs.inc | 15 | include disable-programs.inc |
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.pki | 17 | mkdir ${HOME}/.pki |
| 18 | mkdir ${HOME}/.local/share/pki | ||
| 17 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.pki | 20 | whitelist ${HOME}/.pki |
| 21 | whitelist ${HOME}/.local/share/pki | ||
| 19 | include whitelist-common.inc | 22 | include whitelist-common.inc |
| 20 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 21 | 24 | ||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 985d658e0..f98f247d5 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -306,6 +306,7 @@ blacklist ${HOME}/.mutt | |||
| 306 | blacklist ${HOME}/.muttrc | 306 | blacklist ${HOME}/.muttrc |
| 307 | blacklist ${HOME}/.netrc | 307 | blacklist ${HOME}/.netrc |
| 308 | blacklist ${HOME}/.pki | 308 | blacklist ${HOME}/.pki |
| 309 | blacklist ${HOME}/.local/share/pki | ||
| 309 | blacklist ${HOME}/.smbcredentials | 310 | blacklist ${HOME}/.smbcredentials |
| 310 | blacklist ${HOME}/.ssh | 311 | blacklist ${HOME}/.ssh |
| 311 | blacklist ${HOME}/.vaults | 312 | blacklist ${HOME}/.vaults |
diff --git a/etc/evolution.profile b/etc/evolution.profile index 1cce0656c..96f7e0eb5 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/evolution | |||
| 14 | noblacklist ${HOME}/.gnupg | 14 | noblacklist ${HOME}/.gnupg |
| 15 | noblacklist ${HOME}/.local/share/evolution | 15 | noblacklist ${HOME}/.local/share/evolution |
| 16 | noblacklist ${HOME}/.pki | 16 | noblacklist ${HOME}/.pki |
| 17 | noblacklist ${HOME}/.local/share/pki | ||
| 17 | 18 | ||
| 18 | include disable-common.inc | 19 | include disable-common.inc |
| 19 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 644dc89b1..7c65be7cb 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
| @@ -10,6 +10,7 @@ include firefox-common.local | |||
| 10 | #include firefox-common-addons.inc | 10 | #include firefox-common-addons.inc |
| 11 | 11 | ||
| 12 | noblacklist ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
| 13 | noblacklist ${HOME}/.local/share/pki | ||
| 13 | 14 | ||
| 14 | include disable-common.inc | 15 | include disable-common.inc |
| 15 | include disable-devel.inc | 16 | include disable-devel.inc |
| @@ -17,8 +18,10 @@ include disable-interpreters.inc | |||
| 17 | include disable-programs.inc | 18 | include disable-programs.inc |
| 18 | 19 | ||
| 19 | mkdir ${HOME}/.pki | 20 | mkdir ${HOME}/.pki |
| 21 | mkdir ${HOME}/.local/share/pki | ||
| 20 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 21 | whitelist ${HOME}/.pki | 23 | whitelist ${HOME}/.pki |
| 24 | whitelist ${HOME}/.local/share/pki | ||
| 22 | include whitelist-common.inc | 25 | include whitelist-common.inc |
| 23 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 24 | 27 | ||
diff --git a/etc/franz.profile b/etc/franz.profile index 5ce8954c4..d6445ff8e 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
| @@ -8,6 +8,7 @@ include globals.local | |||
| 8 | noblacklist ${HOME}/.cache/Franz | 8 | noblacklist ${HOME}/.cache/Franz |
| 9 | noblacklist ${HOME}/.config/Franz | 9 | noblacklist ${HOME}/.config/Franz |
| 10 | noblacklist ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
| 11 | noblacklist ${HOME}/.local/share/pki | ||
| 11 | 12 | ||
| 12 | include disable-common.inc | 13 | include disable-common.inc |
| 13 | include disable-devel.inc | 14 | include disable-devel.inc |
| @@ -17,10 +18,12 @@ include disable-programs.inc | |||
| 17 | mkdir ${HOME}/.cache/Franz | 18 | mkdir ${HOME}/.cache/Franz |
| 18 | mkdir ${HOME}/.config/Franz | 19 | mkdir ${HOME}/.config/Franz |
| 19 | mkdir ${HOME}/.pki | 20 | mkdir ${HOME}/.pki |
| 21 | mkdir ${HOME}/.local/share/pki | ||
| 20 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 21 | whitelist ${HOME}/.cache/Franz | 23 | whitelist ${HOME}/.cache/Franz |
| 22 | whitelist ${HOME}/.config/Franz | 24 | whitelist ${HOME}/.config/Franz |
| 23 | whitelist ${HOME}/.pki | 25 | whitelist ${HOME}/.pki |
| 26 | whitelist ${HOME}/.local/share/pki | ||
| 24 | include whitelist-common.inc | 27 | include whitelist-common.inc |
| 25 | 28 | ||
| 26 | caps.drop all | 29 | caps.drop all |
diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile index 280baebdc..3a5edc364 100644 --- a/etc/mendeleydesktop.profile +++ b/etc/mendeleydesktop.profile | |||
| @@ -12,7 +12,8 @@ noblacklist ${HOME}/.cache/Mendeley Ltd. | |||
| 12 | noblacklist ${HOME}/.config/Mendeley Ltd. | 12 | noblacklist ${HOME}/.config/Mendeley Ltd. |
| 13 | noblacklist ${HOME}/.local/share/Mendeley Ltd. | 13 | noblacklist ${HOME}/.local/share/Mendeley Ltd. |
| 14 | noblacklist ${HOME}/.local/share/data/Mendeley Ltd. | 14 | noblacklist ${HOME}/.local/share/data/Mendeley Ltd. |
| 15 | noblacklist ${HOME}/.pki/nssdb | 15 | noblacklist ${HOME}/.pki |
| 16 | noblacklist ${HOME}/.local/share/pki | ||
| 16 | 17 | ||
| 17 | # Allow python (blacklisted by disable-interpreters.inc) | 18 | # Allow python (blacklisted by disable-interpreters.inc) |
| 18 | noblacklist ${PATH}/python2* | 19 | noblacklist ${PATH}/python2* |
diff --git a/etc/midori.profile b/etc/midori.profile index 6a69f2282..4e9a6c63d 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/midori | |||
| 11 | # noblacklist ${HOME}/.local/share/webkit | 11 | # noblacklist ${HOME}/.local/share/webkit |
| 12 | # noblacklist ${HOME}/.local/share/webkitgtk | 12 | # noblacklist ${HOME}/.local/share/webkitgtk |
| 13 | noblacklist ${HOME}/.pki | 13 | noblacklist ${HOME}/.pki |
| 14 | noblacklist ${HOME}/.local/share/pki | ||
| 14 | 15 | ||
| 15 | include disable-common.inc | 16 | include disable-common.inc |
| 16 | include disable-devel.inc | 17 | include disable-devel.inc |
| @@ -23,6 +24,7 @@ mkdir ${HOME}/.local/share/midori | |||
| 23 | mkdir ${HOME}/.local/share/webkit | 24 | mkdir ${HOME}/.local/share/webkit |
| 24 | mkdir ${HOME}/.local/share/webkitgtk | 25 | mkdir ${HOME}/.local/share/webkitgtk |
| 25 | mkdir ${HOME}/.pki | 26 | mkdir ${HOME}/.pki |
| 27 | mkdir ${HOME}/.local/share/pki | ||
| 26 | whitelist ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
| 27 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 29 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
| 28 | whitelist ${HOME}/.cache/midori | 30 | whitelist ${HOME}/.cache/midori |
| @@ -33,6 +35,7 @@ whitelist ${HOME}/.local/share/midori | |||
| 33 | whitelist ${HOME}/.local/share/webkit | 35 | whitelist ${HOME}/.local/share/webkit |
| 34 | whitelist ${HOME}/.local/share/webkitgtk | 36 | whitelist ${HOME}/.local/share/webkitgtk |
| 35 | whitelist ${HOME}/.pki | 37 | whitelist ${HOME}/.pki |
| 38 | whitelist ${HOME}/.local/share/pki | ||
| 36 | include whitelist-common.inc | 39 | include whitelist-common.inc |
| 37 | 40 | ||
| 38 | caps.drop all | 41 | caps.drop all |
diff --git a/etc/min.profile b/etc/min.profile index 3029c2952..80baedff7 100644 --- a/etc/min.profile +++ b/etc/min.profile | |||
| @@ -9,6 +9,7 @@ include globals.local | |||
| 9 | noblacklist ${HOME}/.config/Min | 9 | noblacklist ${HOME}/.config/Min |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
| 12 | noblacklist ${HOME}/.local/share/pki | ||
| 12 | 13 | ||
| 13 | include disable-common.inc | 14 | include disable-common.inc |
| 14 | include disable-devel.inc | 15 | include disable-devel.inc |
| @@ -16,8 +17,10 @@ include disable-interpreters.inc | |||
| 16 | include disable-programs.inc | 17 | include disable-programs.inc |
| 17 | 18 | ||
| 18 | mkdir ${HOME}/.pki | 19 | mkdir ${HOME}/.pki |
| 20 | mkdir ${HOME}/.local/share/pki | ||
| 19 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 20 | whitelist ${HOME}/.pki | 22 | whitelist ${HOME}/.pki |
| 23 | whitelist ${HOME}/.local/share/pki | ||
| 21 | include whitelist-common.inc | 24 | include whitelist-common.inc |
| 22 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 23 | 26 | ||
diff --git a/etc/rambox.profile b/etc/rambox.profile index 6c65f869b..6f7f37aaf 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
| @@ -7,6 +7,7 @@ include globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Rambox | 8 | noblacklist ${HOME}/.config/Rambox |
| 9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
| 10 | noblacklist ${HOME}/.local/share/pki | ||
| 10 | 11 | ||
| 11 | include disable-common.inc | 12 | include disable-common.inc |
| 12 | include disable-devel.inc | 13 | include disable-devel.inc |
| @@ -15,9 +16,11 @@ include disable-programs.inc | |||
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.config/Rambox | 17 | mkdir ${HOME}/.config/Rambox |
| 17 | mkdir ${HOME}/.pki | 18 | mkdir ${HOME}/.pki |
| 19 | mkdir ${HOME}/.local/share/pki | ||
| 18 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.config/Rambox | 21 | whitelist ${HOME}/.config/Rambox |
| 20 | whitelist ${HOME}/.pki | 22 | whitelist ${HOME}/.pki |
| 23 | whitelist ${HOME}/.local/share/pki | ||
| 21 | include whitelist-common.inc | 24 | include whitelist-common.inc |
| 22 | 25 | ||
| 23 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 9c38414bb..8cb291ba6 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -9,6 +9,7 @@ include globals.local | |||
| 9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
| 10 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
| 11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
| 12 | noblacklist ${HOME}/.local/share/pki | ||
| 12 | 13 | ||
| 13 | include disable-common.inc | 14 | include disable-common.inc |
| 14 | include disable-devel.inc | 15 | include disable-devel.inc |
| @@ -29,6 +30,7 @@ whitelist ${HOME}/.mozilla | |||
| 29 | whitelist ${HOME}/.pentadactyl | 30 | whitelist ${HOME}/.pentadactyl |
| 30 | whitelist ${HOME}/.pentadactylrc | 31 | whitelist ${HOME}/.pentadactylrc |
| 31 | whitelist ${HOME}/.pki | 32 | whitelist ${HOME}/.pki |
| 33 | whitelist ${HOME}/.local/share/pki | ||
| 32 | whitelist ${HOME}/.vimperator | 34 | whitelist ${HOME}/.vimperator |
| 33 | whitelist ${HOME}/.vimperatorrc | 35 | whitelist ${HOME}/.vimperatorrc |
| 34 | whitelist ${HOME}/.wine-pipelight | 36 | whitelist ${HOME}/.wine-pipelight |