diff options
| author |  Glenn Washburn <development@efficientek.com> | 2018-10-09 06:10:43 -0500 |
|---|---|---|
| committer | Glenn Washburn <development@efficientek.com> | 2018-10-17 00:43:54 -0500 |
| commit | 7c533c9aa5aa9d36d51c512bb175059353eae113 (patch) | |
| tree | a13b25eba80c7c90d31f93a88d8fa606db03d299 | |
| parent | Update profile manpage to detail added "include" functionality. (diff) | |
| download | firejail-7c533c9aa5aa9d36d51c512bb175059353eae113.tar.gz firejail-7c533c9aa5aa9d36d51c512bb175059353eae113.tar.zst firejail-7c533c9aa5aa9d36d51c512bb175059353eae113.zip | |
Remove "/etc/firejail/" from all include paths, now that profile_read will search for the file.
606 files changed, 3406 insertions, 3406 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index f9320f6c7..d20fdb014 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Real-time strategy game of ancient warfare | 2 | # Description: Real-time strategy game of ancient warfare |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/0ad.local | 5 | include 0ad.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/0ad | 9 | noblacklist ${HOME}/.cache/0ad |
| 10 | noblacklist ${HOME}/.config/0ad | 10 | noblacklist ${HOME}/.config/0ad |
| 11 | noblacklist ${HOME}/.local/share/0ad | 11 | noblacklist ${HOME}/.local/share/0ad |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | mkdir ${HOME}/.cache/0ad | 19 | mkdir ${HOME}/.cache/0ad |
| 20 | mkdir ${HOME}/.config/0ad | 20 | mkdir ${HOME}/.config/0ad |
| @@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad | |||
| 22 | whitelist ${HOME}/.cache/0ad | 22 | whitelist ${HOME}/.cache/0ad |
| 23 | whitelist ${HOME}/.config/0ad | 23 | whitelist ${HOME}/.config/0ad |
| 24 | whitelist ${HOME}/.local/share/0ad | 24 | whitelist ${HOME}/.local/share/0ad |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 56b38f5a2..03e71485a 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Mathematics based puzzle game | 2 | # Description: Mathematics based puzzle game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/2048-qt.local | 5 | include 2048-qt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/2048-qt | 9 | noblacklist ${HOME}/.config/2048-qt |
| 10 | noblacklist ${HOME}/.config/xiaoyong | 10 | noblacklist ${HOME}/.config/xiaoyong |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.config/2048-qt | 18 | mkdir ${HOME}/.config/2048-qt |
| 19 | mkdir ${HOME}/.config/xiaoyong | 19 | mkdir ${HOME}/.config/xiaoyong |
| 20 | whitelist ${HOME}/.config/2048-qt | 20 | whitelist ${HOME}/.config/2048-qt |
| 21 | whitelist ${HOME}/.config/xiaoyong | 21 | whitelist ${HOME}/.config/xiaoyong |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/7z.profile b/etc/7z.profile index e3f27b93f..909f3baf8 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/7z.local | 5 | include 7z.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included default.profile | 7 | # added by included default.profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| @@ -22,4 +22,4 @@ tracelog | |||
| 22 | 22 | ||
| 23 | private-dev | 23 | private-dev |
| 24 | 24 | ||
| 25 | include /etc/firejail/default.profile | 25 | include default.profile |
diff --git a/etc/7za.profile b/etc/7za.profile index e035bf4f5..28e483a8c 100644 --- a/etc/7za.profile +++ b/etc/7za.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for 7za | 1 | # Firejail profile for 7za |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/7za.local | 4 | include 7za.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | # added by included profile | 6 | # added by included profile |
| 7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/7z.profile | 10 | include 7z.profile |
diff --git a/etc/7zr.profile b/etc/7zr.profile index e48c5494e..1b85badbc 100644 --- a/etc/7zr.profile +++ b/etc/7zr.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for 7zr | 1 | # Firejail profile for 7zr |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/7zr.local | 4 | include 7zr.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | # added by included profile | 6 | # added by included profile |
| 7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/7z.profile | 10 | include 7z.profile |
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index f1336be3e..cd5229576 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for Cryptocat | 1 | # Firejail profile for Cryptocat |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/Cryptocat.local | 4 | include Cryptocat.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Cryptocat | 8 | noblacklist ${HOME}/.config/Cryptocat |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile index 202bc26f4..2fb21e3cf 100644 --- a/etc/Cyberfox.profile +++ b/etc/Cyberfox.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/cyberfox.profile | 6 | include cyberfox.profile |
diff --git a/etc/Discord.profile b/etc/Discord.profile index 951357387..9a8957265 100644 --- a/etc/Discord.profile +++ b/etc/Discord.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for Discord | 1 | # Firejail profile for Discord |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/Discord.local | 4 | include Discord.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/discord | 9 | noblacklist ${HOME}/.config/discord |
| @@ -15,4 +15,4 @@ private-bin Discord | |||
| 15 | private-opt Discord | 15 | private-opt Discord |
| 16 | 16 | ||
| 17 | #Redirect | 17 | #Redirect |
| 18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile index f7b0e2c56..0624ff949 100644 --- a/etc/DiscordCanary.profile +++ b/etc/DiscordCanary.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for DiscordCanary | 1 | # Firejail profile for DiscordCanary |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/DiscordCanary.local | 4 | include DiscordCanary.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/discordcanary | 9 | noblacklist ${HOME}/.config/discordcanary |
| @@ -15,4 +15,4 @@ private-bin DiscordCanary | |||
| 15 | private-opt DiscordCanary | 15 | private-opt DiscordCanary |
| 16 | 16 | ||
| 17 | #Redirect | 17 | #Redirect |
| 18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile index 01e338ef2..55fd43515 100644 --- a/etc/FossaMail.profile +++ b/etc/FossaMail.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/fossamail.profile | 6 | include fossamail.profile |
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 2e4d235b6..1e8fd0ffe 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Easy-to-use electronic design software | 2 | # Description: Easy-to-use electronic design software |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/Fritzing.local | 5 | include Fritzing.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Fritzing | 9 | noblacklist ${HOME}/.config/Fritzing |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/Gitter.profile b/etc/Gitter.profile index b12dbd450..53e66d108 100644 --- a/etc/Gitter.profile +++ b/etc/Gitter.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/gitter.profile | 6 | include gitter.profile |
diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index 659a41603..6eb8886bc 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for JDownloader | 1 | # Firejail profile for JDownloader |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/JDownloader.local | 4 | include JDownloader.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.jd | 9 | noblacklist ${HOME}/.jd |
| @@ -14,18 +14,18 @@ noblacklist /usr/lib/java | |||
| 14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
| 15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | mkdir ${HOME}/.jd | 24 | mkdir ${HOME}/.jd |
| 25 | whitelist ${HOME}/.jd | 25 | whitelist ${HOME}/.jd |
| 26 | whitelist ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
| 27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
| 28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
| 29 | 29 | ||
| 30 | caps.drop all | 30 | caps.drop all |
| 31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index deff02028..6aba2678b 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
| @@ -1,25 +1,25 @@ | |||
| 1 | # Firejail profile for Mathematica | 1 | # Firejail profile for Mathematica |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/Mathematica.local | 4 | include Mathematica.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.Mathematica | 8 | noblacklist ${HOME}/.Mathematica |
| 9 | noblacklist ${HOME}/.Wolfram Research | 9 | noblacklist ${HOME}/.Wolfram Research |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.Mathematica | 17 | mkdir ${HOME}/.Mathematica |
| 18 | mkdir ${HOME}/.Wolfram Research | 18 | mkdir ${HOME}/.Wolfram Research |
| 19 | whitelist ${HOME}/.Mathematica | 19 | whitelist ${HOME}/.Mathematica |
| 20 | whitelist ${HOME}/.Wolfram Research | 20 | whitelist ${HOME}/.Wolfram Research |
| 21 | whitelist ${HOME}/Documents/Wolfram Mathematica | 21 | whitelist ${HOME}/Documents/Wolfram Mathematica |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | nodvd | 25 | nodvd |
diff --git a/etc/Natron.profile b/etc/Natron.profile index b21790fe4..aadd68c5c 100644 --- a/etc/Natron.profile +++ b/etc/Natron.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/natron.profile | 6 | include natron.profile |
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index 558f62f0e..f969cd855 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Search, download or stream files from mediathek.de | 2 | # Description: Search, download or stream files from mediathek.de |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/QMediathekView.local | 5 | include QMediathekView.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/QMediathekView | 9 | noblacklist ${HOME}/.config/QMediathekView |
| 10 | noblacklist ${HOME}/.local/share/QMediathekView | 10 | noblacklist ${HOME}/.local/share/QMediathekView |
| @@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem | |||
| 18 | noblacklist ${HOME}/.local/share/xplayer | 18 | noblacklist ${HOME}/.local/share/xplayer |
| 19 | noblacklist ${HOME}/.mplayer | 19 | noblacklist ${HOME}/.mplayer |
| 20 | 20 | ||
| 21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
| 22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
| 23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
| 24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
| 25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
| 26 | 26 | ||
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | netfilter | 30 | netfilter |
diff --git a/etc/Telegram.profile b/etc/Telegram.profile index df6557a90..51e4d9765 100644 --- a/etc/Telegram.profile +++ b/etc/Telegram.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/telegram.profile | 6 | include telegram.profile |
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 6de6cfb30..9937f3883 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: File Manager for Xfce | 2 | # Description: File Manager for Xfce |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/Thunar.local | 5 | include Thunar.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/Trash | 9 | noblacklist ${HOME}/.local/share/Trash |
| 10 | noblacklist ${HOME}/.config/Thunar | 10 | noblacklist ${HOME}/.config/Thunar |
| 11 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 11 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | # include /etc/firejail/disable-programs.inc | 17 | # include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/Viber.profile b/etc/Viber.profile index cb9d01e03..01bb49a99 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for Viber | 1 | # Firejail profile for Viber |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/Viber.local | 4 | include Viber.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.ViberPC | 9 | noblacklist ${HOME}/.ViberPC |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.ViberPC | 18 | whitelist ${HOME}/.ViberPC |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile index c84b8a4ad..5fe8f1c57 100644 --- a/etc/VirtualBox.profile +++ b/etc/VirtualBox.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/virtualbox.profile | 7 | include virtualbox.profile |
diff --git a/etc/XMind.profile b/etc/XMind.profile index ff6258ca2..2f650950c 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for XMind | 1 | # Firejail profile for XMind |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/XMind.local | 4 | include XMind.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.xmind | 8 | noblacklist ${HOME}/.xmind |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.xmind | 16 | mkdir ${HOME}/.xmind |
| 17 | whitelist ${HOME}/.xmind | 17 | whitelist ${HOME}/.xmind |
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index c0c322b67..56e0cf8e7 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for Xephyr | 1 | # Firejail profile for Xephyr |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/Xephyr.local | 4 | include Xephyr.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # | 8 | # |
| 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. | 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. |
| @@ -18,7 +18,7 @@ include /etc/firejail/globals.local | |||
| 18 | blacklist /media | 18 | blacklist /media |
| 19 | 19 | ||
| 20 | whitelist /var/lib/xkb | 20 | whitelist /var/lib/xkb |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. | 24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. |
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 4ae2d20d2..d71a69903 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Virtual Framebuffer 'fake' X server | 2 | # Description: Virtual Framebuffer 'fake' X server |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/Xvfb.local | 5 | include Xvfb.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # | 9 | # |
| 10 | # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. | 10 | # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. |
| @@ -20,7 +20,7 @@ include /etc/firejail/globals.local | |||
| 20 | blacklist /media | 20 | blacklist /media |
| 21 | 21 | ||
| 22 | whitelist /var/lib/xkb | 22 | whitelist /var/lib/xkb |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. | 26 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index d757d6f49..010247c6b 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for abrowser | 1 | # Firejail profile for abrowser |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/abrowser.local | 4 | include abrowser.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
| 9 | noblacklist ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
| @@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla | |||
| 18 | 18 | ||
| 19 | 19 | ||
| 20 | # Redirect | 20 | # Redirect |
| 21 | include /etc/firejail/firefox-common.profile | 21 | include firefox-common.profile |
diff --git a/etc/acat.profile b/etc/acat.profile index 08593585c..0b4579035 100644 --- a/etc/acat.profile +++ b/etc/acat.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for acat | 1 | # Firejail profile for acat |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/acat.local | 4 | include acat.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/adiff.profile b/etc/adiff.profile index 2c114d765..9073b1477 100644 --- a/etc/adiff.profile +++ b/etc/adiff.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for adiff | 1 | # Firejail profile for adiff |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/adiff.local | 4 | include adiff.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 0cbe306e8..7ea57e235 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | # Firejail profile for akonadi_control | 1 | # Firejail profile for akonadi_control |
| 2 | # Persistent local customizations | 2 | # Persistent local customizations |
| 3 | include /etc/firejail/akonadi_control.local | 3 | include akonadi_control.local |
| 4 | # Persistent global definitions | 4 | # Persistent global definitions |
| 5 | include /etc/firejail/globals.local | 5 | include globals.local |
| 6 | 6 | ||
| 7 | noblacklist ${HOME}/.cache/akonadi* | 7 | noblacklist ${HOME}/.cache/akonadi* |
| 8 | noblacklist ${HOME}/.config/akonadi* | 8 | noblacklist ${HOME}/.config/akonadi* |
| @@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes | |||
| 20 | noblacklist /tmp/akonadi-* | 20 | noblacklist /tmp/akonadi-* |
| 21 | noblacklist /usr/sbin | 21 | noblacklist /usr/sbin |
| 22 | 22 | ||
| 23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
| 24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
| 25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
| 26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
| 27 | include /etc/firejail/disable-programs.inc | 27 | include disable-programs.inc |
| 28 | 28 | ||
| 29 | include /etc/firejail/whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
| 30 | 30 | ||
| 31 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. | 31 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. |
| 32 | # this affects ubuntu and debian currently | 32 | # this affects ubuntu and debian currently |
diff --git a/etc/akregator.profile b/etc/akregator.profile index af8dd2a3e..8147e33e5 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
| @@ -2,26 +2,26 @@ | |||
| 2 | # Description: RSS/Atom feed aggregator | 2 | # Description: RSS/Atom feed aggregator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/akregator.local | 5 | include akregator.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/akregatorrc | 9 | noblacklist ${HOME}/.config/akregatorrc |
| 10 | noblacklist ${HOME}/.local/share/akregator | 10 | noblacklist ${HOME}/.local/share/akregator |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkfile ${HOME}/.config/akregatorrc | 18 | mkfile ${HOME}/.config/akregatorrc |
| 19 | mkdir ${HOME}/.local/share/akregator | 19 | mkdir ${HOME}/.local/share/akregator |
| 20 | whitelist ${HOME}/.config/akregatorrc | 20 | whitelist ${HOME}/.config/akregatorrc |
| 21 | whitelist ${HOME}/.local/share/akregator | 21 | whitelist ${HOME}/.local/share/akregator |
| 22 | whitelist ${HOME}/.local/share/kssl | 22 | whitelist ${HOME}/.local/share/kssl |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | netfilter | 27 | netfilter |
diff --git a/etc/als.profile b/etc/als.profile index 8cd9a9182..24b8b976b 100644 --- a/etc/als.profile +++ b/etc/als.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for als | 1 | # Firejail profile for als |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/als.local | 4 | include als.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/amarok.profile b/etc/amarok.profile index 3ee50a20b..71bd87241 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Easy to use media player based on the KDE Platform | 2 | # Description: Easy to use media player based on the KDE Platform |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/amarok.local | 5 | include amarok.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/amule.profile b/etc/amule.profile index f052a312f..a7b6f0770 100644 --- a/etc/amule.profile +++ b/etc/amule.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Client for the eD2k and Kad networks, like eMule | 2 | # Description: Client for the eD2k and Kad networks, like eMule |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/amule.local | 5 | include amule.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.aMule | 10 | noblacklist ${HOME}/.aMule |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.aMule | 19 | whitelist ${HOME}/.aMule |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 8f5cd56cc..180e4871b 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for android-studio | 1 | # Firejail profile for android-studio |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/android-studio.local | 4 | include android-studio.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.AndroidStudio* | 8 | noblacklist ${HOME}/.AndroidStudio* |
| 9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
| @@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
| 16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
| 17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/anydesk.profile b/etc/anydesk.profile index 17e083f4e..bd66f984b 100644 --- a/etc/anydesk.profile +++ b/etc/anydesk.profile | |||
| @@ -1,21 +1,21 @@ | |||
| 1 | # Firejail profile for AnyDesk | 1 | # Firejail profile for AnyDesk |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/anydesk.local | 4 | include anydesk.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.anydesk | 8 | noblacklist ${HOME}/.anydesk |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.anydesk | 16 | mkdir ${HOME}/.anydesk |
| 17 | whitelist ${HOME}/.anydesk | 17 | whitelist ${HOME}/.anydesk |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/aosp.profile b/etc/aosp.profile index 8622d6acd..a4eea4bad 100644 --- a/etc/aosp.profile +++ b/etc/aosp.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for aosp | 1 | # Firejail profile for aosp |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/aosp.local | 4 | include aosp.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
| @@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig | |||
| 18 | noblacklist ${HOME}/.ssh | 18 | noblacklist ${HOME}/.ssh |
| 19 | noblacklist ${HOME}/.tooling | 19 | noblacklist ${HOME}/.tooling |
| 20 | 20 | ||
| 21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/apack.profile b/etc/apack.profile index ad44b227e..bd5e49a01 100644 --- a/etc/apack.profile +++ b/etc/apack.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for apack | 1 | # Firejail profile for apack |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/apack.local | 4 | include apack.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/apktool.profile b/etc/apktool.profile index d157b1478..552c35321 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
| @@ -3,16 +3,16 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/apktool.local | 6 | include apktool.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | include /etc/firejail/disable-xdg.inc | 13 | include disable-xdg.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 9cd200ef2..e76f86fa4 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile | |||
| @@ -3,19 +3,19 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/arch-audit.local | 6 | include arch-audit.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | 10 | ||
| 11 | noblacklist /var/lib/pacman | 11 | noblacklist /var/lib/pacman |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 27b15412f..1b029d1ac 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/archaudit-report.local | 5 | include archaudit-report.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | noblacklist /var/lib/pacman | 10 | noblacklist /var/lib/pacman |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/ardour4.profile b/etc/ardour4.profile index 7d1163174..5c22b57d0 100644 --- a/etc/ardour4.profile +++ b/etc/ardour4.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/ardour5.profile | 6 | include ardour5.profile |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 99649cc3f..9bce48b91 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for ardour5 | 1 | # Firejail profile for ardour5 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ardour5.local | 4 | include ardour5.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/ardour4 | 8 | noblacklist ${HOME}/.config/ardour4 |
| 9 | noblacklist ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
| @@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst | |||
| 12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
| 13 | noblacklist ${MUSIC} | 13 | noblacklist ${MUSIC} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/arduino.profile b/etc/arduino.profile index 9f28cada4..6c2375fae 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: AVR development board IDE and built-in libraries | 2 | # Description: AVR development board IDE and built-in libraries |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/arduino.local | 5 | include arduino.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.arduino15 | 9 | noblacklist ${HOME}/.arduino15 |
| 10 | noblacklist ${HOME}/.java | 10 | noblacklist ${HOME}/.java |
| @@ -17,12 +17,12 @@ noblacklist /usr/lib/java | |||
| 17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
| 18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/arepack.profile b/etc/arepack.profile index f7a9f724a..f5584b2be 100644 --- a/etc/arepack.profile +++ b/etc/arepack.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for arepack | 1 | # Firejail profile for arepack |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/arepack.local | 4 | include arepack.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 4231c58ff..bc341d710 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink | 2 | # Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/aria2c.local | 5 | include aria2c.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.aria2 | 9 | noblacklist ${HOME}/.aria2 |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/ark.profile b/etc/ark.profile index d5a7f45f4..75dc76c7f 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Archive utility | 2 | # Description: Archive utility |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ark.local | 5 | include ark.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/arkrc | 9 | noblacklist ${HOME}/.config/arkrc |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | apparmor | 19 | apparmor |
| 20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/arm.profile b/etc/arm.profile index da9b45928..667b8f06e 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Terminal status monitor for Tor relays | 2 | # Description: Terminal status monitor for Tor relays |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/arm.local | 5 | include arm.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.arm | 9 | noblacklist ${HOME}/.arm |
| 10 | 10 | ||
| @@ -14,15 +14,15 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | mkdir ${HOME}/.arm | 23 | mkdir ${HOME}/.arm |
| 24 | whitelist ${HOME}/.arm | 24 | whitelist ${HOME}/.arm |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | ipc-namespace | 28 | ipc-namespace |
diff --git a/etc/artha.profile b/etc/artha.profile index befe9295f..7b0c6735b 100644 --- a/etc/artha.profile +++ b/etc/artha.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: A free cross-platform English thesaurus based on WordNet | 2 | # Description: A free cross-platform English thesaurus based on WordNet |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/artha.local | 5 | include artha.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/artha.conf | 9 | noblacklist ${HOME}/.config/artha.conf |
| 10 | noblacklist ${HOME}/.config/enchant | 10 | noblacklist ${HOME}/.config/enchant |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/asunder.profile b/etc/asunder.profile index 9c059ed0a..4efe62c39 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Graphical audio CD ripper and encoder | 2 | # Description: Graphical audio CD ripper and encoder |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/asunder.local | 5 | include asunder.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/asunder | 9 | noblacklist ${HOME}/.config/asunder |
| 10 | noblacklist ${HOME}/.asunder_album_genre | 10 | noblacklist ${HOME}/.asunder_album_genre |
| @@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title | |||
| 12 | noblacklist ${HOME}/.asunder_album_artist | 12 | noblacklist ${HOME}/.asunder_album_artist |
| 13 | noblacklist ${MUSIC} | 13 | noblacklist ${MUSIC} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | apparmor | 24 | apparmor |
| 25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index a153d08b4..36baee5c4 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # Firejail profile for atom-beta | 1 | # Firejail profile for atom-beta |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/atom-beta.local | 4 | include atom-beta.local |
| 5 | # Profile redirect | 5 | # Profile redirect |
| 6 | include /etc/firejail/atom.profile | 6 | include atom.profile |
diff --git a/etc/atom.profile b/etc/atom.profile index 1ff4e162d..0d9626396 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: A hackable text editor for the 21st Century | 2 | # Description: A hackable text editor for the 21st Century |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/atom.local | 5 | include atom.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.atom | 9 | noblacklist ${HOME}/.atom |
| 10 | noblacklist ${HOME}/.config/Atom | 10 | noblacklist ${HOME}/.config/Atom |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | # net none | 17 | # net none |
diff --git a/etc/atool.profile b/etc/atool.profile index c672ed11d..d7b02a23a 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Tool for managing file archives of various types | 2 | # Description: Tool for managing file archives of various types |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/atool.local | 5 | include atool.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| @@ -15,11 +15,11 @@ noblacklist ${PATH}/perl | |||
| 15 | noblacklist /usr/lib/perl* | 15 | noblacklist /usr/lib/perl* |
| 16 | noblacklist /usr/share/perl* | 16 | noblacklist /usr/share/perl* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | # include /etc/firejail/disable-devel.inc | 19 | # include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile index 5d841bc0e..3f24acefa 100644 --- a/etc/atril-previewer.profile +++ b/etc/atril-previewer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for atril-previewer | 1 | # Firejail profile for atril-previewer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/atril-previewer.local | 4 | include atril-previewer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/atril.profile | 10 | include atril.profile |
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile index 88c74735d..de4a52514 100644 --- a/etc/atril-thumbnailer.profile +++ b/etc/atril-thumbnailer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for atril-thumbnailer | 1 | # Firejail profile for atril-thumbnailer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/atril-thumbnailer.local | 4 | include atril-thumbnailer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/atril.profile | 10 | include atril.profile |
diff --git a/etc/atril.profile b/etc/atril.profile index 6e5286e5f..85c9c04ca 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: MATE document viewer | 2 | # Description: MATE document viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/atril.local | 5 | include atril.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/atril | 9 | noblacklist ${HOME}/.cache/atril |
| 10 | noblacklist ${HOME}/.config/atril | 10 | noblacklist ${HOME}/.config/atril |
| @@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS} | |||
| 13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
| 14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | # apparmor | 25 | # apparmor |
| 26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/audacious.profile b/etc/audacious.profile index 627c1a72d..9a95769ba 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Small and fast audio player which supports lots of formats | 2 | # Description: Small and fast audio player which supports lots of formats |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/audacious.local | 5 | include audacious.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Audaciousrc | 9 | noblacklist ${HOME}/.config/Audaciousrc |
| 10 | noblacklist ${HOME}/.config/audacious | 10 | noblacklist ${HOME}/.config/audacious |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | apparmor | 22 | apparmor |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 685319f7f..44237cdc5 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Fast, cross-platform audio editor | 2 | # Description: Fast, cross-platform audio editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/audacity.local | 5 | include audacity.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.audacity-data | 9 | noblacklist ${HOME}/.audacity-data |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | apparmor | 22 | apparmor |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/aunpack.profile b/etc/aunpack.profile index 4f03ac60d..cde9473e3 100644 --- a/etc/aunpack.profile +++ b/etc/aunpack.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for aunpack | 1 | # Firejail profile for aunpack |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/aunpack.local | 4 | include aunpack.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/authenticator.profile b/etc/authenticator.profile index f10abdda8..46473484e 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: 2FA code generator for GNOME | 2 | # Description: 2FA code generator for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/authenticator.local | 5 | include authenticator.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # blacklisted in 'disable-programs.local' | 9 | # blacklisted in 'disable-programs.local' |
| 10 | noblacklist ${HOME}/.config/Authenticator | 10 | noblacklist ${HOME}/.config/Authenticator |
| @@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator | |||
| 13 | noblacklist ${PATH}/python3* | 13 | noblacklist ${PATH}/python3* |
| 14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | # apparmor | 22 | # apparmor |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/aweather.profile b/etc/aweather.profile index 823b07c8c..99829898b 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Advanced Weather Monitoring Program | 2 | # Description: Advanced Weather Monitoring Program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/aweather.local | 5 | include aweather.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/aweather | 9 | noblacklist ${HOME}/.config/aweather |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.config/aweather | 17 | mkdir ${HOME}/.config/aweather |
| 18 | whitelist ${HOME}/.config/aweather | 18 | whitelist ${HOME}/.config/aweather |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/awesome.profile b/etc/awesome.profile index 49c1a4aad..5d1bf5071 100644 --- a/etc/awesome.profile +++ b/etc/awesome.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/awesome.local | 5 | include awesome.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
| 10 | noblacklist ${HOME}/.config/awesome | 10 | noblacklist ${HOME}/.config/awesome |
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 240573f44..d70825ecf 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for baloo_file | 1 | # Firejail profile for baloo_file |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/baloo_file.local | 4 | include baloo_file.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/baloofilerc | 8 | noblacklist ${HOME}/.config/baloofilerc |
| 9 | noblacklist ${HOME}/.kde/share/config/baloofilerc | 9 | noblacklist ${HOME}/.kde/share/config/baloofilerc |
| @@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc | |||
| 12 | noblacklist ${HOME}/.kde4/share/config/baloorc | 12 | noblacklist ${HOME}/.kde4/share/config/baloorc |
| 13 | noblacklist ${HOME}/.local/share/baloo | 13 | noblacklist ${HOME}/.local/share/baloo |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | no3d | 24 | no3d |
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile index 87f2949e6..94496ede8 100644 --- a/etc/baloo_filemetadata_temp_extractor.profile +++ b/etc/baloo_filemetadata_temp_extractor.profile | |||
| @@ -2,12 +2,12 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/baloo_filemetadata_temp_extractor.local | 5 | include baloo_filemetadata_temp_extractor.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | ignore read-write | 9 | ignore read-write |
| 10 | read-only ${HOME} | 10 | read-only ${HOME} |
| 11 | 11 | ||
| 12 | # Redirect | 12 | # Redirect |
| 13 | include /etc/firejail/baloo_file.profile | 13 | include baloo_file.profile |
diff --git a/etc/baobab.profile b/etc/baobab.profile index d0c3f2712..4749601d6 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: GNOME disk usage analyzer | 2 | # Description: GNOME disk usage analyzer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/baobab.local | 5 | include baobab.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | # include /etc/firejail/disable-programs.inc | 13 | # include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | net none | 16 | net none |
diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 43ba5adcb..5f9fc8ef7 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for basilisk | 1 | # Firejail profile for basilisk |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/basilisk.local | 4 | include basilisk.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk | 8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk |
| 9 | noblacklist ${HOME}/.moonchild productions/basilisk | 9 | noblacklist ${HOME}/.moonchild productions/basilisk |
| @@ -24,4 +24,4 @@ seccomp | |||
| 24 | #private-opt basilisk | 24 | #private-opt basilisk |
| 25 | 25 | ||
| 26 | # Redirect | 26 | # Redirect |
| 27 | include /etc/firejail/firefox-common.profile | 27 | include firefox-common.profile |
diff --git a/etc/beaker.profile b/etc/beaker.profile index 9215576c7..d18429408 100644 --- a/etc/beaker.profile +++ b/etc/beaker.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for beaker | 1 | # Firejail profile for beaker |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/beaker.local | 4 | include beaker.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Beaker Browser | 8 | noblacklist ${HOME}/.config/Beaker Browser |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | 12 | ||
| 13 | mkdir ${HOME}/.config/Beaker Browser | 13 | mkdir ${HOME}/.config/Beaker Browser |
| 14 | whitelist ${HOME}/.config/Beaker Browser | 14 | whitelist ${HOME}/.config/Beaker Browser |
| 15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
| 16 | include /etc/firejail/whitelist-common.inc | 16 | include whitelist-common.inc |
| 17 | 17 | ||
| 18 | # Redirect | 18 | # Redirect |
| 19 | include /etc/firejail/electron.profile | 19 | include electron.profile |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 57595e8e2..6c5b7bcad 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: Bible study tool | 2 | # Description: Bible study tool |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bibletime.local | 5 | include bibletime.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.bibletime | 11 | noblacklist ${HOME}/.bibletime |
| 12 | noblacklist ${HOME}/.sword | 12 | noblacklist ${HOME}/.sword |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | whitelist ${HOME}/.bibletime | 20 | whitelist ${HOME}/.bibletime |
| 21 | whitelist ${HOME}/.sword | 21 | whitelist ${HOME}/.sword |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | machine-id | 25 | machine-id |
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 9b6affe24..2cf42400d 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Bitcoin is a peer-to-peer network based digital currency | 2 | # Description: Bitcoin is a peer-to-peer network based digital currency |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bitcoin-qt.local | 5 | include bitcoin-qt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.bitcoin | 9 | noblacklist ${HOME}/.bitcoin |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.bitcoin | 17 | mkdir ${HOME}/.bitcoin |
| 18 | mkdir ${HOME}/.config/Bitcoin | 18 | mkdir ${HOME}/.config/Bitcoin |
| 19 | whitelist ${HOME}/.bitcoin | 19 | whitelist ${HOME}/.bitcoin |
| 20 | whitelist ${HOME}/.config/Bitcoin | 20 | whitelist ${HOME}/.config/Bitcoin |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | machine-id | 26 | machine-id |
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index e663d7799..bceffe4aa 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: IRC to other chat networks gateway | 2 | # Description: IRC to other chat networks gateway |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bitlbee.local | 5 | include bitlbee.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist /sbin | 9 | noblacklist /sbin |
| 10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
| 11 | # noblacklist /var/log | 11 | # noblacklist /var/log |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | netfilter | 20 | netfilter |
| 21 | no3d | 21 | no3d |
diff --git a/etc/blackbox.profile b/etc/blackbox.profile index 2672c812a..13e83493d 100644 --- a/etc/blackbox.profile +++ b/etc/blackbox.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/blackbox.local | 5 | include blackbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
| 10 | noblacklist ${HOME}/.blackbox | 10 | noblacklist ${HOME}/.blackbox |
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 49d058ab4..8163ac400 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Delete unnecessary files from the system | 2 | # Description: Delete unnecessary files from the system |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bleachbit.local | 5 | include bleachbit.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
| 10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
| @@ -12,11 +12,11 @@ noblacklist ${PATH}/python3* | |||
| 12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
| 13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | # include /etc/firejail/disable-programs.inc | 19 | # include disable-programs.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 4b907018e..9da0cb921 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/blender.profile | 6 | include blender.profile |
diff --git a/etc/blender.profile b/etc/blender.profile index 43a8622f7..05a26220b 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Very fast and versatile 3D modeller/renderer | 2 | # Description: Very fast and versatile 3D modeller/renderer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/blender.local | 5 | include blender.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/blender | 9 | noblacklist ${HOME}/.config/blender |
| 10 | 10 | ||
| @@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | # Allow usage of AMD GPU by OpenCL | 23 | # Allow usage of AMD GPU by OpenCL |
| 24 | noblacklist /sys/module | 24 | noblacklist /sys/module |
diff --git a/etc/bless.profile b/etc/bless.profile index 0da3436e8..555424126 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: A full featured hexadecimal editor | 2 | # Description: A full featured hexadecimal editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bless.local | 5 | include bless.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/bless | 9 | noblacklist ${HOME}/.config/bless |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 23ba34d42..3a3072a6e 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Advanced Gtk+ text editor for web and software development | 2 | # Description: Advanced Gtk+ text editor for web and software development |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bluefish.local | 5 | include bluefish.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/bnox.profile b/etc/bnox.profile index 3207a2923..031f3f4bd 100644 --- a/etc/bnox.profile +++ b/etc/bnox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for bnox | 1 | # Firejail profile for bnox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/bnox.local | 4 | include bnox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/bnox | 8 | noblacklist ${HOME}/.cache/bnox |
| 9 | noblacklist ${HOME}/.config/bnox | 9 | noblacklist ${HOME}/.config/bnox |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox | |||
| 14 | whitelist ${HOME}/.config/bnox | 14 | whitelist ${HOME}/.config/bnox |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/brackets.profile b/etc/brackets.profile index 8f1068506..a89f87859 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for brackets | 1 | # Firejail profile for brackets |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/brackets.local | 4 | include brackets.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Brackets | 8 | noblacklist ${HOME}/.config/Brackets |
| 9 | #noblacklist /opt/brackets/ | 9 | #noblacklist /opt/brackets/ |
| 10 | #noblacklist /opt/google/ | 10 | #noblacklist /opt/google/ |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/brasero.profile b/etc/brasero.profile index 1c0b5f843..8ab9472ac 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: CD/DVD burning application for GNOME | 2 | # Description: CD/DVD burning application for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/brasero.local | 5 | include brasero.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/brasero | 9 | noblacklist ${HOME}/.config/brasero |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/brave.profile b/etc/brave.profile index 08bcea561..315564b05 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for brave | 1 | # Firejail profile for brave |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/brave.local | 4 | include brave.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/brave | 8 | noblacklist ${HOME}/.config/brave |
| 9 | # brave uses gpg for built-in password manager | 9 | # brave uses gpg for built-in password manager |
| @@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg | |||
| 17 | ignore noexec /tmp | 17 | ignore noexec /tmp |
| 18 | 18 | ||
| 19 | # Redirect | 19 | # Redirect |
| 20 | include /etc/firejail/chromium-common.profile | 20 | include chromium-common.profile |
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcat.profile +++ b/etc/bsdcat.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/bsdtar.profile | 6 | include bsdtar.profile |
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcpio.profile +++ b/etc/bsdcpio.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/bsdtar.profile | 6 | include bsdtar.profile |
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 57220ef4a..da36d9ced 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/bsdtar.local | 5 | include bsdtar.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | blacklist /tmp/.X11-unix | 15 | blacklist /tmp/.X11-unix |
| 16 | 16 | ||
diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile index f483a1d3d..891476cb1 100644 --- a/etc/bunzip2.profile +++ b/etc/bunzip2.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for bunzip2 | 1 | # Firejail profile for bunzip2 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/bunzip2.local | 4 | include bunzip2.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/gzip.profile | 9 | include gzip.profile |
diff --git a/etc/caja.profile b/etc/caja.profile index 20e690a14..f938792cd 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File manager for the MATE desktop | 2 | # Description: File manager for the MATE desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/caja.local | 5 | include caja.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 9 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
| 10 | # is already a caja process running on MATE desktops firejail will have no effect. | 10 | # is already a caja process running on MATE desktops firejail will have no effect. |
| @@ -19,11 +19,11 @@ noblacklist ${PATH}/python3* | |||
| 19 | noblacklist /usr/lib/python2* | 19 | noblacklist /usr/lib/python2* |
| 20 | noblacklist /usr/lib/python3* | 20 | noblacklist /usr/lib/python3* |
| 21 | 21 | ||
| 22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
| 23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
| 24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
| 25 | include /etc/firejail/disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
| 26 | # include /etc/firejail/disable-programs.inc | 26 | # include disable-programs.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | netfilter | 29 | netfilter |
diff --git a/etc/calibre.profile b/etc/calibre.profile index 7a5d798c5..122259ac8 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Powerful and easy to use e-book manager | 2 | # Description: Powerful and easy to use e-book manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/calibre.local | 5 | include calibre.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/calibre | 9 | noblacklist ${HOME}/.cache/calibre |
| 10 | noblacklist ${HOME}/.config/calibre | 10 | noblacklist ${HOME}/.config/calibre |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/calligra.profile b/etc/calligra.profile index ab2845db4..b300ef240 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: Extensive productivity and creative suite | 2 | # Description: Extensive productivity and creative suite |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/calligra.local | 5 | include calligra.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | ipc-namespace | 16 | ipc-namespace |
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraauthor.profile +++ b/etc/calligraauthor.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraconverter.profile +++ b/etc/calligraconverter.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraflow.profile +++ b/etc/calligraflow.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplan.profile +++ b/etc/calligraplan.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplanwork.profile +++ b/etc/calligraplanwork.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrasheets.profile +++ b/etc/calligrasheets.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrastage.profile +++ b/etc/calligrastage.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrawords.profile +++ b/etc/calligrawords.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/catfish.profile b/etc/catfish.profile index 422dc93e5..1afcd0365 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File searching tool | 2 | # Description: File searching tool |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/catfish.local | 5 | include catfish.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
| 10 | # is for finding files/content | 10 | # is for finding files/content |
| @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | # include /etc/firejail/disable-devel.inc | 21 | # include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | 25 | ||
| 26 | whitelist /var/lib/mlocate | 26 | whitelist /var/lib/mlocate |
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | net none | 30 | net none |
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index c8b8be04e..4d572f580 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile | |||
| @@ -3,9 +3,9 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/checkbashisms.local | 6 | include checkbashisms.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| @@ -16,14 +16,14 @@ noblacklist ${PATH}/perl | |||
| 16 | noblacklist /usr/lib/perl* | 16 | noblacklist /usr/lib/perl* |
| 17 | noblacklist /usr/share/perl* | 17 | noblacklist /usr/share/perl* |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 0159bddae..1cb7c50df 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Hierarchical note taking application | 2 | # Description: Hierarchical note taking application |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/cherrytree.local | 5 | include cherrytree.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/cherrytree | 9 | noblacklist ${HOME}/.config/cherrytree |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| @@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile index 472841e92..f83052d9a 100644 --- a/etc/chromium-browser.profile +++ b/etc/chromium-browser.profile | |||
| @@ -2,4 +2,4 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | 3 | ||
| 4 | # Redirect | 4 | # Redirect |
| 5 | include /etc/firejail/chromium.profile | 5 | include chromium.profile |
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index fc3df86db..732a7865f 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for chromium-common | 1 | # Firejail profile for chromium-common |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/chromium-common.local | 4 | include chromium-common.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | # already included by caller profile | 6 | # already included by caller profile |
| 7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.pki | 16 | mkdir ${HOME}/.pki |
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.pki | 18 | whitelist ${HOME}/.pki |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | apparmor | 22 | apparmor |
| 23 | caps.keep sys_chroot,sys_admin | 23 | caps.keep sys_chroot,sys_admin |
diff --git a/etc/chromium.profile b/etc/chromium.profile index a1488e3e9..dab9ce449 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: A web browser built for speed, simplicity, and security | 2 | # Description: A web browser built for speed, simplicity, and security |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/chromium.local | 5 | include chromium.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/chromium | 9 | noblacklist ${HOME}/.cache/chromium |
| 10 | noblacklist ${HOME}/.config/chromium | 10 | noblacklist ${HOME}/.config/chromium |
| @@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf | |||
| 19 | # private-bin chromium,chromium-browser,chromedriver | 19 | # private-bin chromium,chromium-browser,chromedriver |
| 20 | 20 | ||
| 21 | # Redirect | 21 | # Redirect |
| 22 | include /etc/firejail/chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/cin.profile b/etc/cin.profile index 92baef33a..7a6f7035c 100644 --- a/etc/cin.profile +++ b/etc/cin.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for cin | 1 | # Firejail profile for cin |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/cin.local | 4 | include cin.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.bcast5 | 8 | noblacklist ${HOME}/.bcast5 |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | ipc-namespace | 17 | ipc-namespace |
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index e6a1941b5..26f782384 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/cin.profile | 6 | include cin.profile |
diff --git a/etc/clamav.profile b/etc/clamav.profile index cf46b8582..e5b198dab 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
| @@ -3,9 +3,9 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/clamav.local | 6 | include clamav.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | caps.drop all | 10 | caps.drop all |
| 11 | ipc-namespace | 11 | ipc-namespace |
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdscan.profile +++ b/etc/clamdscan.profile | |||
| @@ -4,4 +4,4 @@ quiet | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdtop.profile +++ b/etc/clamdtop.profile | |||
| @@ -4,4 +4,4 @@ quiet | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamscan.profile b/etc/clamscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamscan.profile +++ b/etc/clamscan.profile | |||
| @@ -4,4 +4,4 @@ quiet | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamtk.profile b/etc/clamtk.profile index d916381b2..6b64af7d8 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for clamtk | 1 | # Firejail profile for clamtk |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/clamtk.local | 4 | include clamtk.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | caps.drop all | 8 | caps.drop all |
| 9 | ipc-namespace | 9 | ipc-namespace |
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index f7f0fccca..f0656385f 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Fast, lightweight and user-friendly GTK+2 based email client | 2 | # Description: Fast, lightweight and user-friendly GTK+2 based email client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/claws-mail.local | 5 | include claws-mail.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
| 10 | noblacklist ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
| 11 | noblacklist ${HOME}/.signature | 11 | noblacklist ${HOME}/.signature |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/clementine.profile b/etc/clementine.profile index a72bc39cf..224488325 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Modern music player and library organizer | 2 | # Description: Modern music player and library organizer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/clementine.local | 5 | include clementine.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/Clementine | 9 | noblacklist ${HOME}/.cache/Clementine |
| 10 | noblacklist ${HOME}/.config/Clementine | 10 | noblacklist ${HOME}/.config/Clementine |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/clion.profile b/etc/clion.profile index bcb18114e..fba610d29 100644 --- a/etc/clion.profile +++ b/etc/clion.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for CLion | 1 | # Firejail profile for CLion |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/clion.local | 4 | include clion.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.CLion* | 8 | noblacklist ${HOME}/.CLion* |
| 9 | noblacklist ${HOME}/.gitconfig | 9 | noblacklist ${HOME}/.gitconfig |
| @@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
| 12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
| 13 | noblacklist ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/clipit.profile b/etc/clipit.profile index fd6fbd61b..0caa1faf2 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Lightweight GTK+ clipboard manager | 2 | # Description: Lightweight GTK+ clipboard manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/clipit.local | 5 | include clipit.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/clipit | 9 | noblacklist ${HOME}/.config/clipit |
| 10 | noblacklist ${HOME}/.local/share/clipit | 10 | noblacklist ${HOME}/.local/share/clipit |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/cliqz.profile b/etc/cliqz.profile index 4ff96311d..70277f1ce 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for cliqz | 1 | # Firejail profile for cliqz |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/cliqz.local | 4 | include cliqz.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/cliqz | 8 | noblacklist ${HOME}/.cache/cliqz |
| 9 | noblacklist ${HOME}/.config/cliqz | 9 | noblacklist ${HOME}/.config/cliqz |
| @@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz | |||
| 17 | #private-etc cliqz | 17 | #private-etc cliqz |
| 18 | 18 | ||
| 19 | # Redirect | 19 | # Redirect |
| 20 | include /etc/firejail/firefox-common.profile | 20 | include firefox-common.profile |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 5744d462b..ee6600b76 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Lightweight ncurses audio player | 2 | # Description: Lightweight ncurses audio player |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/cmus.local | 5 | include cmus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/cmus | 9 | noblacklist ${HOME}/.config/cmus |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/code.profile b/etc/code.profile index ab69008f1..da710bba1 100644 --- a/etc/code.profile +++ b/etc/code.profile | |||
| @@ -1,16 +1,16 @@ | |||
| 1 | # Firejail profile for Visual Studio Code | 1 | # Firejail profile for Visual Studio Code |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/code.local | 4 | include code.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.vscode | 8 | noblacklist ${HOME}/.vscode |
| 9 | noblacklist ${HOME}/.config/Code | 9 | noblacklist ${HOME}/.config/Code |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | net none | 16 | net none |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 2489e2df4..ca38600d1 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
| @@ -1,14 +1,14 @@ | |||
| 1 | # Firejail profile for conkeror | 1 | # Firejail profile for conkeror |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/conkeror.local | 4 | include conkeror.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.conkeror.mozdev.org | 8 | noblacklist ${HOME}/.conkeror.mozdev.org |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
| 12 | 12 | ||
| 13 | whitelist ${HOME}/.conkeror.mozdev.org | 13 | whitelist ${HOME}/.conkeror.mozdev.org |
| 14 | whitelist ${HOME}/.conkerorrc | 14 | whitelist ${HOME}/.conkerorrc |
| @@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc | |||
| 21 | whitelist ${HOME}/.zotero | 21 | whitelist ${HOME}/.zotero |
| 22 | whitelist ${HOME}/Downloads | 22 | whitelist ${HOME}/Downloads |
| 23 | whitelist ${HOME}/dwhelper | 23 | whitelist ${HOME}/dwhelper |
| 24 | include /etc/firejail/whitelist-common.inc | 24 | include whitelist-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | netfilter | 27 | netfilter |
diff --git a/etc/conky.profile b/etc/conky.profile index f6d07d6de..bbac5e751 100644 --- a/etc/conky.profile +++ b/etc/conky.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Highly configurable system monitor | 2 | # Description: Highly configurable system monitor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/conky.local | 5 | include conky.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/corebird.profile b/etc/corebird.profile index c7f8a8874..e382c1361 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Native Gtk+ Twitter client for the Linux desktop | 2 | # Description: Native Gtk+ Twitter client for the Linux desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/corebird.local | 5 | include corebird.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/corebird | 9 | noblacklist ${HOME}/.config/corebird |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/cower.profile b/etc/cower.profile index dcc388f87..cb2d9b332 100644 --- a/etc/cower.profile +++ b/etc/cower.profile | |||
| @@ -8,20 +8,20 @@ | |||
| 8 | quiet | 8 | quiet |
| 9 | 9 | ||
| 10 | # Persistent local customizations | 10 | # Persistent local customizations |
| 11 | include /etc/firejail/cower.local | 11 | include cower.local |
| 12 | # Persistent global definitions | 12 | # Persistent global definitions |
| 13 | include /etc/firejail/globals.local | 13 | include globals.local |
| 14 | 14 | ||
| 15 | noblacklist ${HOME}/.config/cower/config | 15 | noblacklist ${HOME}/.config/cower/config |
| 16 | read-only ${HOME}/.config/cower/config | 16 | read-only ${HOME}/.config/cower/config |
| 17 | 17 | ||
| 18 | noblacklist /var/lib/pacman | 18 | noblacklist /var/lib/pacman |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/cpio.profile b/etc/cpio.profile index 3c7d0748c..ab9e37d73 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
| @@ -3,18 +3,18 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/cpio.local | 6 | include cpio.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | noblacklist /sbin | 12 | noblacklist /sbin |
| 13 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile index 3d3de7268..7a9039ea4 100644 --- a/etc/cryptocat.profile +++ b/etc/cryptocat.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/Cryptocat.profile | 6 | include Cryptocat.profile |
diff --git a/etc/curl.profile b/etc/curl.profile index e77b8bf4f..ab9c1e5bd 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
| @@ -3,17 +3,17 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/curl.local | 6 | include curl.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | noblacklist ${HOME}/.curlrc | 12 | noblacklist ${HOME}/.curlrc |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 81ccbc530..1070b602c 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for cvlc | 1 | # Firejail profile for cvlc |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/cvlc.local | 4 | include cvlc.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # cvlc doesn't like private-bin | 8 | # cvlc doesn't like private-bin |
| 9 | ignore private-bin | 9 | ignore private-bin |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/vlc.profile | 12 | include vlc.profile |
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index ce51906ba..fcb448b30 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for cyberfox | 1 | # Firejail profile for cyberfox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/cyberfox.local | 4 | include cyberfox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.8pecxstudios | 8 | noblacklist ${HOME}/.8pecxstudios |
| 9 | noblacklist ${HOME}/.cache/8pecxstudios | 9 | noblacklist ${HOME}/.cache/8pecxstudios |
| @@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios | |||
| 18 | #private-etc cyberfox | 18 | #private-etc cyberfox |
| 19 | 19 | ||
| 20 | # Redirect | 20 | # Redirect |
| 21 | include /etc/firejail/firefox-common.profile | 21 | include firefox-common.profile |
diff --git a/etc/darktable.profile b/etc/darktable.profile index 74144e68e..a4898fd35 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Virtual lighttable and darkroom for photographers | 2 | # Description: Virtual lighttable and darkroom for photographers |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/darktable.local | 5 | include darktable.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/darktable | 9 | noblacklist ${HOME}/.cache/darktable |
| 10 | noblacklist ${HOME}/.config/darktable | 10 | noblacklist ${HOME}/.config/darktable |
| 11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 8f5961647..3f818fd69 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: A GTK+ audio player for GNU/Linux | 2 | # Description: A GTK+ audio player for GNU/Linux |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/deadbeef.local | 5 | include deadbeef.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/deadbeef | 9 | noblacklist ${HOME}/.config/deadbeef |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/default.profile b/etc/default.profile index f8e54c8d3..27feb7dd1 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for default | 1 | # Firejail profile for default |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/default.local | 4 | include default.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # generic gui profile | 8 | # generic gui profile |
| 9 | # depending on your usage, you can enable some of the commands below: | 9 | # depending on your usage, you can enable some of the commands below: |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | # include /etc/firejail/disable-devel.inc | 12 | # include disable-devel.inc |
| 13 | # include /etc/firejail/disable-interpreters.inc | 13 | # include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | #include /etc/firejail/disable-xdg.inc | 16 | #include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | # ipc-namespace | 19 | # ipc-namespace |
diff --git a/etc/deluge.profile b/etc/deluge.profile index 27ca036ca..b2cb9bf22 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: BitTorrent client written in Python/PyGTK | 2 | # Description: BitTorrent client written in Python/PyGTK |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/deluge.local | 5 | include deluge.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/deluge | 9 | noblacklist ${HOME}/.config/deluge |
| 10 | 10 | ||
| @@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | # include /etc/firejail/disable-devel.inc | 18 | # include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | mkdir ${HOME}/.config/deluge | 23 | mkdir ${HOME}/.config/deluge |
| 24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
| 25 | whitelist ${HOME}/.config/deluge | 25 | whitelist ${HOME}/.config/deluge |
| 26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | machine-id | 30 | machine-id |
diff --git a/etc/desktop.profile b/etc/desktop.profile index 8bfa885a3..bfb1618b2 100644 --- a/etc/desktop.profile +++ b/etc/desktop.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop | 2 | # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/github-desktop.local | 5 | include github-desktop.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | whitelist ${HOME}/.gitconfig | 9 | whitelist ${HOME}/.gitconfig |
| 10 | whitelist ${HOME}/.config/GitHub Desktop | 10 | whitelist ${HOME}/.config/GitHub Desktop |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/devilspie.profile b/etc/devilspie.profile index dbfb05798..b3558a038 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Window matching daemon | 2 | # Description: Window matching daemon |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/devilspie.local | 5 | include devilspie.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.devilspie | 9 | noblacklist ${HOME}/.devilspie |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 3a9a9659a..4ab2634e8 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Window matching daemon (Lua) | 2 | # Description: Window matching daemon (Lua) |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/devilspie2.local | 5 | include devilspie2.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/devilspie2 | 9 | noblacklist ${HOME}/.config/devilspie2 |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index da59fc71a..e8dbd00ec 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dex2jar.local | 5 | include dex2jar.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Allow access to java | 9 | # Allow access to java |
| 10 | noblacklist ${PATH}/java | 10 | noblacklist ${PATH}/java |
| @@ -12,14 +12,14 @@ noblacklist /usr/lib/java | |||
| 12 | noblacklist /etc/java | 12 | noblacklist /etc/java |
| 13 | noblacklist /usr/share/java | 13 | noblacklist /usr/share/java |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | net none | 25 | net none |
diff --git a/etc/dia.profile b/etc/dia.profile index fdc40980f..c6adc5a4c 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Diagram editor | 2 | # Description: Diagram editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dia.local | 5 | include dia.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.dia | 9 | noblacklist ${HOME}/.dia |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/dig.profile b/etc/dig.profile index 4b6ab0975..4d4ce7a26 100644 --- a/etc/dig.profile +++ b/etc/dig.profile | |||
| @@ -2,20 +2,20 @@ quiet | |||
| 2 | # Firejail profile for dig | 2 | # Firejail profile for dig |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dig.local | 5 | include dig.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
| 11 | # include /etc/firejail/disable-interpreters.inc | 11 | # include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | #include /etc/firejail/disable-xdg.inc | 14 | #include disable-xdg.inc |
| 15 | 15 | ||
| 16 | whitelist ~/.digrc | 16 | whitelist ~/.digrc |
| 17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | # ipc-namespace | 21 | # ipc-namespace |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 470f60779..ccc0a6544 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Digital photo management application for KDE | 2 | # Description: Digital photo management application for KDE |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/digikam.local | 5 | include digikam.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/digikam | 9 | noblacklist ${HOME}/.config/digikam |
| 10 | noblacklist ${HOME}/.config/digikamrc | 10 | noblacklist ${HOME}/.config/digikamrc |
| @@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam | |||
| 12 | noblacklist ${HOME}/.kde4/share/apps/digikam | 12 | noblacklist ${HOME}/.kde4/share/apps/digikam |
| 13 | noblacklist ${PICTURES} | 13 | noblacklist ${PICTURES} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | apparmor | 24 | apparmor |
| 25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/dillo.profile b/etc/dillo.profile index 8c3da1b3e..ac68f48a3 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Small and fast web browser | 2 | # Description: Small and fast web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dillo.local | 5 | include dillo.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.dillo | 9 | noblacklist ${HOME}/.dillo |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
| 18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
| 19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 20 | whitelist ${HOME}/.dillo | 20 | whitelist ${HOME}/.dillo |
| 21 | whitelist ${HOME}/.fltk | 21 | whitelist ${HOME}/.fltk |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/dino.profile b/etc/dino.profile index a39ec8931..84731a96f 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for dino | 1 | # Firejail profile for dino |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/dino.local | 4 | include dino.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.local/share/dino | 8 | noblacklist ${HOME}/.local/share/dino |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.local/share/dino | 16 | mkdir ${HOME}/.local/share/dino |
| 17 | whitelist ${HOME}/.local/share/dino | 17 | whitelist ${HOME}/.local/share/dino |
| 18 | whitelist ${HOME}/Downloads | 18 | whitelist ${HOME}/Downloads |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index ceca17826..e6ba99874 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-common.local | 3 | include disable-common.local |
| 4 | 4 | ||
| 5 | # History files in $HOME and clipboard managers | 5 | # History files in $HOME and clipboard managers |
| 6 | blacklist-nolog ${HOME}/.*_history | 6 | blacklist-nolog ${HOME}/.*_history |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 627856803..5c41692da 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-devel.local | 3 | include disable-devel.local |
| 4 | 4 | ||
| 5 | # development tools | 5 | # development tools |
| 6 | 6 | ||
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc index 0e0caade1..0d5f5737e 100644 --- a/etc/disable-interpreters.inc +++ b/etc/disable-interpreters.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-interpreters.local | 3 | include disable-interpreters.local |
| 4 | 4 | ||
| 5 | # Lua | 5 | # Lua |
| 6 | blacklist ${PATH}/lua* | 6 | blacklist ${PATH}/lua* |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 19fd871d3..72e1a66ee 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-passwdmgr.local | 3 | include disable-passwdmgr.local |
| 4 | 4 | ||
| 5 | blacklist ${HOME}/.config/Bitwarden | 5 | blacklist ${HOME}/.config/Bitwarden |
| 6 | blacklist ${HOME}/.config/KeePass | 6 | blacklist ${HOME}/.config/KeePass |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0f48a320b..46e60b9f4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-programs.local | 3 | include disable-programs.local |
| 4 | 4 | ||
| 5 | blacklist ${HOME}/Monero/wallets | 5 | blacklist ${HOME}/Monero/wallets |
| 6 | blacklist ${HOME}/Standard Notes Backups | 6 | blacklist ${HOME}/Standard Notes Backups |
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc index 519f00afb..22acf272d 100644 --- a/etc/disable-xdg.inc +++ b/etc/disable-xdg.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-xdg.local | 3 | include disable-xdg.local |
| 4 | 4 | ||
| 5 | blacklist ${DOCUMENTS} | 5 | blacklist ${DOCUMENTS} |
| 6 | blacklist ${MUSIC} | 6 | blacklist ${MUSIC} |
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile index b6958cbd3..12b5433b2 100644 --- a/etc/discord-canary.profile +++ b/etc/discord-canary.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for discord-canary | 1 | # Firejail profile for discord-canary |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/discord-canary.local | 4 | include discord-canary.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/discordcanary | 9 | noblacklist ${HOME}/.config/discordcanary |
| @@ -15,4 +15,4 @@ private-bin discord-canary | |||
| 15 | private-opt discord-canary | 15 | private-opt discord-canary |
| 16 | 16 | ||
| 17 | #Redirect | 17 | #Redirect |
| 18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/discord-common.profile b/etc/discord-common.profile index babef37b1..765ad21e5 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile | |||
| @@ -1,15 +1,15 @@ | |||
| 1 | # Firejail profile for discord | 1 | # Firejail profile for discord |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/discord-common.local | 4 | include discord-common.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | # already included by caller profile | 6 | # already included by caller profile |
| 7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | 13 | ||
| 14 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
| 15 | 15 | ||
diff --git a/etc/discord.profile b/etc/discord.profile index 63aed5eca..62c4a5658 100644 --- a/etc/discord.profile +++ b/etc/discord.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for discord | 1 | # Firejail profile for discord |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/discord.local | 4 | include discord.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/discord | 9 | noblacklist ${HOME}/.config/discord |
| @@ -15,4 +15,4 @@ private-bin discord | |||
| 15 | private-opt discord | 15 | private-opt discord |
| 16 | 16 | ||
| 17 | #Redirect | 17 | #Redirect |
| 18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/display.profile b/etc/display.profile index 41a426375..7e553398f 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for display | 1 | # Firejail profile for display |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/display.local | 4 | include display.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${PICTURES} | 8 | noblacklist ${PICTURES} |
| 9 | 9 | ||
| @@ -13,14 +13,14 @@ noblacklist ${PATH}/python3* | |||
| 13 | noblacklist /usr/lib/python2* | 13 | noblacklist /usr/lib/python2* |
| 14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | net none | 26 | net none |
diff --git a/etc/dnox.profile b/etc/dnox.profile index 505884ca6..e02395771 100644 --- a/etc/dnox.profile +++ b/etc/dnox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for dnox | 1 | # Firejail profile for dnox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/dnox.local | 4 | include dnox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/dnox | 8 | noblacklist ${HOME}/.cache/dnox |
| 9 | noblacklist ${HOME}/.config/dnox | 9 | noblacklist ${HOME}/.config/dnox |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox | |||
| 14 | whitelist ${HOME}/.config/dnox | 14 | whitelist ${HOME}/.config/dnox |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ce73d7e72..a14e502e5 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Tool for securing communications between a client and a DNS resolver | 2 | # Description: Tool for securing communications between a client and a DNS resolver |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dnscrypt-proxy.local | 5 | include dnscrypt-proxy.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist /sbin | 11 | noblacklist /sbin |
| 12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 21 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
| 22 | no3d | 22 | no3d |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index d68806945..c1ee03bca 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Small caching DNS proxy and DHCP/TFTP server | 2 | # Description: Small caching DNS proxy and DHCP/TFTP server |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dnsmasq.local | 5 | include dnsmasq.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist /sbin | 11 | noblacklist /sbin |
| 12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid | 21 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid |
| 22 | no3d | 22 | no3d |
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 819998edf..936876ddf 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File manager | 2 | # Description: File manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dolphin.local | 5 | include dolphin.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 | 9 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 |
| 10 | 10 | ||
| @@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 13 | # noblacklist ${HOME}/.config/dolphinrc | 13 | # noblacklist ${HOME}/.config/dolphinrc |
| 14 | # noblacklist ${HOME}/.local/share/dolphin | 14 | # noblacklist ${HOME}/.local/share/dolphin |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files | 20 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files |
| 21 | # include /etc/firejail/disable-programs.inc | 21 | # include disable-programs.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile index 4e1227a0f..075a24c92 100644 --- a/etc/dooble-qt4.profile +++ b/etc/dooble-qt4.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/dooble.profile | 6 | include dooble.profile |
diff --git a/etc/dooble.profile b/etc/dooble.profile index df68a4aef..69765f119 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for dooble | 1 | # Firejail profile for dooble |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/dooble-qt4.local | 4 | include dooble-qt4.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.dooble | 9 | noblacklist ${HOME}/.dooble |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.dooble | 17 | mkdir ${HOME}/.dooble |
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.dooble | 19 | whitelist ${HOME}/.dooble |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 319daf407..68a67380c 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS | 2 | # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dosbox.local | 5 | include dosbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.dosbox | 9 | noblacklist ${HOME}/.dosbox |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/dragon.profile b/etc/dragon.profile index 9f41bf87a..32cf0c09d 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: A multimedia player where the focus is on simplicity, instead of features | 2 | # Description: A multimedia player where the focus is on simplicity, instead of features |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/dragon.local | 5 | include dragon.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/dragonplayerrc | 9 | noblacklist ${HOME}/.config/dragonplayerrc |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 24b69e118..8571479c1 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for dropbox | 1 | # Firejail profile for dropbox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/dropbox.local | 4 | include dropbox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
| 9 | noblacklist ${HOME}/.dropbox | 9 | noblacklist ${HOME}/.dropbox |
| 10 | noblacklist ${HOME}/.dropbox-dist | 10 | noblacklist ${HOME}/.dropbox-dist |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.dropbox | 18 | mkdir ${HOME}/.dropbox |
| 19 | mkdir ${HOME}/.dropbox-dist | 19 | mkdir ${HOME}/.dropbox-dist |
| @@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop | |||
| 23 | whitelist ${HOME}/.dropbox | 23 | whitelist ${HOME}/.dropbox |
| 24 | whitelist ${HOME}/.dropbox-dist | 24 | whitelist ${HOME}/.dropbox-dist |
| 25 | whitelist ${HOME}/Dropbox | 25 | whitelist ${HOME}/Dropbox |
| 26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | netfilter | 29 | netfilter |
diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 6fac08a5d..ddf967e55 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Control your desktop using mouse gestures | 2 | # Description: Control your desktop using mouse gestures |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/easystroke.local | 5 | include easystroke.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.easystroke | 9 | noblacklist ${HOME}/.easystroke |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile index 1e28b854a..b2fd635b1 100644 --- a/etc/ebook-viewer.profile +++ b/etc/ebook-viewer.profile | |||
| @@ -5,4 +5,4 @@ net none | |||
| 5 | nodbus | 5 | nodbus |
| 6 | 6 | ||
| 7 | # Redirect | 7 | # Redirect |
| 8 | include /etc/firejail/calibre.profile | 8 | include calibre.profile |
diff --git a/etc/electron.profile b/etc/electron.profile index ccfde78bb..c24100f17 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Build cross platform desktop apps with web technologies | 2 | # Description: Build cross platform desktop apps with web technologies |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/electron.local | 5 | include electron.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
| 12 | 12 | ||
| 13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
| 14 | 14 | ||
diff --git a/etc/electrum.profile b/etc/electrum.profile index b3e1ab36f..d14a88d0a 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Lightweight Bitcoin wallet | 2 | # Description: Lightweight Bitcoin wallet |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/electrum.local | 5 | include electrum.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.electrum | 9 | noblacklist ${HOME}/.electrum |
| 10 | 10 | ||
| @@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
| 25 | whitelist ${HOME}/.electrum | 25 | whitelist ${HOME}/.electrum |
| 26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/elinks.profile b/etc/elinks.profile index bafc19e1a..92d5a13fa 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Advanced text-mode WWW browser | 2 | # Description: Advanced text-mode WWW browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/elinks.local | 5 | include elinks.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.elinks | 11 | noblacklist ${HOME}/.elinks |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/emacs.profile b/etc/emacs.profile index 90b25bfcf..c2057f6fb 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: GNU Emacs editor | 2 | # Description: GNU Emacs editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/emacs.local | 5 | include emacs.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.emacs | 9 | noblacklist ${HOME}/.emacs |
| 10 | noblacklist ${HOME}/.emacs.d | 10 | noblacklist ${HOME}/.emacs.d |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/empathy.profile b/etc/empathy.profile index 007b51c35..5ca640d30 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: GNOME multi-protocol chat and call client | 2 | # Description: GNOME multi-protocol chat and call client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/empathy.local | 5 | include empathy.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | netfilter | 16 | netfilter |
diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile index ba7573289..295d74a38 100644 --- a/etc/enchant-2.profile +++ b/etc/enchant-2.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for enchant-2 | 1 | # Firejail profile for enchant-2 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/enchant-2.local | 4 | include enchant-2.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile index 1b646eef6..991ea63ef 100644 --- a/etc/enchant-lsmod-2.profile +++ b/etc/enchant-lsmod-2.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for enchant-lsmod-2 | 1 | # Firejail profile for enchant-lsmod-2 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/enchant-lsmod-2.local | 4 | include enchant-lsmod-2.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile index 3452b0421..d7bcae6a0 100644 --- a/etc/enchant-lsmod.profile +++ b/etc/enchant-lsmod.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for enchant-lsmod | 1 | # Firejail profile for enchant-lsmod |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/enchant-lsmod.local | 4 | include enchant-lsmod.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant.profile b/etc/enchant.profile index cf7d76b4c..7ca7fdcea 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Wrapper for various spell checker engines | 2 | # Description: Wrapper for various spell checker engines |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/enchant.local | 5 | include enchant.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index eaf246d3c..02919f271 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Archive manager for MATE | 2 | # Description: Archive manager for MATE |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/engrampa.local | 5 | include engrampa.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
| 16 | 16 | ||
| 17 | apparmor | 17 | apparmor |
| 18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/enox.profile b/etc/enox.profile index 46f409346..d8ac8b24a 100644 --- a/etc/enox.profile +++ b/etc/enox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for enox | 1 | # Firejail profile for enox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/enox.local | 4 | include enox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/Enox | 8 | noblacklist ${HOME}/.cache/Enox |
| 9 | noblacklist ${HOME}/.config/Enox | 9 | noblacklist ${HOME}/.config/Enox |
| @@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox | |||
| 16 | whitelist ${HOME}/.config/Enox | 16 | whitelist ${HOME}/.config/Enox |
| 17 | 17 | ||
| 18 | # Redirect | 18 | # Redirect |
| 19 | include /etc/firejail/chromium-common.profile | 19 | include chromium-common.profile |
diff --git a/etc/enpass.profile b/etc/enpass.profile index 3a30f8b04..e3e146d5d 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile | |||
| @@ -1,20 +1,20 @@ | |||
| 1 | # This file is overwritten after every install/update. | 1 | # This file is overwritten after every install/update. |
| 2 | # Persistent local customisations | 2 | # Persistent local customisations |
| 3 | include /etc/firejail/enpass.local | 3 | include enpass.local |
| 4 | # Persistent global definitions | 4 | # Persistent global definitions |
| 5 | include /etc/firejail/globals.local | 5 | include globals.local |
| 6 | 6 | ||
| 7 | noblacklist ${HOME}/.config/Sinew Software Systems | 7 | noblacklist ${HOME}/.config/Sinew Software Systems |
| 8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | machine-id | 20 | machine-id |
diff --git a/etc/eog.profile b/etc/eog.profile index 017fe5c75..fada8213f 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Eye of GNOME graphics viewer program | 2 | # Description: Eye of GNOME graphics viewer program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/eog.local | 5 | include eog.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
| 10 | noblacklist ${HOME}/.config/eog | 10 | noblacklist ${HOME}/.config/eog |
| 11 | noblacklist ${HOME}/.local/share/Trash | 11 | noblacklist ${HOME}/.local/share/Trash |
| 12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | # apparmor - makes settings immutable | 22 | # apparmor - makes settings immutable |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/eom.profile b/etc/eom.profile index a0ce712c8..1a248f4e8 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Eye of MATE graphics viewer program | 2 | # Description: Eye of MATE graphics viewer program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/eom.local | 5 | include eom.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
| 10 | noblacklist ${HOME}/.config/mate/eom | 10 | noblacklist ${HOME}/.config/mate/eom |
| 11 | noblacklist ${HOME}/.local/share/Trash | 11 | noblacklist ${HOME}/.local/share/Trash |
| 12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | # apparmor - makes settings immutable | 22 | # apparmor - makes settings immutable |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index b04cf72b4..6868ca391 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Clone of Boulder Dash game | 2 | # Description: Clone of Boulder Dash game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/epiphany.local | 5 | include epiphany.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/epiphany | 9 | noblacklist ${HOME}/.cache/epiphany |
| 10 | noblacklist ${HOME}/.config/epiphany | 10 | noblacklist ${HOME}/.config/epiphany |
| 11 | noblacklist ${HOME}/.local/share/epiphany | 11 | noblacklist ${HOME}/.local/share/epiphany |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/epiphany | 18 | mkdir ${HOME}/.cache/epiphany |
| 19 | mkdir ${HOME}/.config/epiphany | 19 | mkdir ${HOME}/.config/epiphany |
| @@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} | |||
| 22 | whitelist ${HOME}/.cache/epiphany | 22 | whitelist ${HOME}/.cache/epiphany |
| 23 | whitelist ${HOME}/.config/epiphany | 23 | whitelist ${HOME}/.config/epiphany |
| 24 | whitelist ${HOME}/.local/share/epiphany | 24 | whitelist ${HOME}/.local/share/epiphany |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/etr.profile b/etc/etr.profile index 5c01636cc..5fc989de3 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
| @@ -1,20 +1,20 @@ | |||
| 1 | # Firejail profile for etr | 1 | # Firejail profile for etr |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/etr.local | 4 | include etr.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.etr | 8 | noblacklist ${HOME}/.etr |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | 13 | ||
| 14 | mkdir ${HOME}/.etr | 14 | mkdir ${HOME}/.etr |
| 15 | whitelist ${HOME}/.etr | 15 | whitelist ${HOME}/.etr |
| 16 | include /etc/firejail/whitelist-common.inc | 16 | include whitelist-common.inc |
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile index d5bc6db33..e43bb2da8 100644 --- a/etc/evince-previewer.profile +++ b/etc/evince-previewer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for evince-previewer | 1 | # Firejail profile for evince-previewer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/evince-previewer.local | 4 | include evince-previewer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/evince.profile | 10 | include evince.profile |
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile index abc21632d..4036e1ecb 100644 --- a/etc/evince-thumbnailer.profile +++ b/etc/evince-thumbnailer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for evince-thumbnailer | 1 | # Firejail profile for evince-thumbnailer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/evince-thumbnailer.local | 4 | include evince-thumbnailer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/evince.profile | 10 | include evince.profile |
diff --git a/etc/evince.profile b/etc/evince.profile index ea46ccc40..5b5d40077 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Document (PostScript, PDF) viewer | 2 | # Description: Document (PostScript, PDF) viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/evince.local | 5 | include evince.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/evince | 9 | noblacklist ${HOME}/.config/evince |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | machine-id | 22 | machine-id |
diff --git a/etc/evolution.profile b/etc/evolution.profile index f691b3c3d..1c5347e04 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Groupware suite with mail client and organizer | 2 | # Description: Groupware suite with mail client and organizer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/evolution.local | 5 | include evolution.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist /var/mail | 9 | noblacklist /var/mail |
| 10 | noblacklist /var/spool/mail | 10 | noblacklist /var/spool/mail |
| @@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg | |||
| 15 | noblacklist ${HOME}/.local/share/evolution | 15 | noblacklist ${HOME}/.local/share/evolution |
| 16 | noblacklist ${HOME}/.pki | 16 | noblacklist ${HOME}/.pki |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 2666397f4..8fc99037f 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/exiftool.local | 5 | include exiftool.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| @@ -13,11 +13,11 @@ noblacklist ${PATH}/perl | |||
| 13 | noblacklist /usr/lib/perl* | 13 | noblacklist /usr/lib/perl* |
| 14 | noblacklist /usr/share/perl* | 14 | noblacklist /usr/share/perl* |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | net none | 23 | net none |
diff --git a/etc/falkon.profile b/etc/falkon.profile index 41e1386dd..140d40a00 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: Lightweight web browser based on Qt WebEngine | 2 | # Description: Lightweight web browser based on Qt WebEngine |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/falkon.local | 5 | include falkon.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/falkon | 9 | noblacklist ${HOME}/.cache/falkon |
| 10 | noblacklist ${HOME}/.config/falkon | 10 | noblacklist ${HOME}/.config/falkon |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.cache/falkon | 19 | whitelist ${HOME}/.cache/falkon |
| 20 | whitelist ${HOME}/.config/falkon | 20 | whitelist ${HOME}/.config/falkon |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index c5afde9ec..c31ed5009 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: E-book reader | 2 | # Description: E-book reader |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/fbreader.local | 5 | include fbreader.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.FBReader | 9 | noblacklist ${HOME}/.FBReader |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/feh.profile b/etc/feh.profile index 197581ae7..8e6ae49de 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: imlib2 based image viewer | 2 | # Description: imlib2 based image viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/feh.local | 5 | include feh.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | net none | 16 | net none |
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index d9b347d70..43c6894a3 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder | 2 | # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/fetchmail.local | 5 | include fetchmail.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.fetchmailrc | 9 | noblacklist ${HOME}/.fetchmailrc |
| 10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 09574ffb7..5314eb04c 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
| @@ -3,17 +3,17 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/ffmpeg.local | 6 | include ffmpeg.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | net none | 19 | net none |
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 11883f03e..9ef26d08f 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Archive manager for GNOME | 2 | # Description: Archive manager for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/file-roller.local | 5 | include file-roller.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
| 16 | 16 | ||
| 17 | apparmor | 17 | apparmor |
| 18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/file.profile b/etc/file.profile index fbeea83a8..2dc21dde4 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
| @@ -3,15 +3,15 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/file.local | 6 | include file.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | hostname file | 17 | hostname file |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 7a5ad4301..f4c25ed05 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Full-featured graphical FTP/FTPS/SFTP client | 2 | # Description: Full-featured graphical FTP/FTPS/SFTP client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/filezilla.local | 5 | include filezilla.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/filezilla | 9 | noblacklist ${HOME}/.config/filezilla |
| 10 | noblacklist ${HOME}/.filezilla | 10 | noblacklist ${HOME}/.filezilla |
| @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile index f9924fee5..ee158703d 100644 --- a/etc/firefox-beta.profile +++ b/etc/firefox-beta.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for firefox-beta | 1 | # Firejail profile for firefox-beta |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox-beta.local | 4 | include firefox-beta.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index f5fd4aa5b..7a0c3e99f 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/firefox-common-addons.local | 3 | include firefox-common-addons.local |
| 4 | 4 | ||
| 5 | noblacklist ${HOME}/.config/kgetrc | 5 | noblacklist ${HOME}/.config/kgetrc |
| 6 | noblacklist ${HOME}/.config/okularpartrc | 6 | noblacklist ${HOME}/.config/okularpartrc |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 8ed26e22f..e02d3afd0 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
| @@ -1,26 +1,26 @@ | |||
| 1 | # Firejail profile for firefox-common | 1 | # Firejail profile for firefox-common |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox-common.local | 4 | include firefox-common.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | # already included by caller profile | 6 | # already included by caller profile |
| 7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
| 8 | 8 | ||
| 9 | # uncomment the following line to allow access to common programs/addons/plugins | 9 | # uncomment the following line to allow access to common programs/addons/plugins |
| 10 | #include /etc/firejail/firefox-common-addons.inc | 10 | #include firefox-common-addons.inc |
| 11 | 11 | ||
| 12 | noblacklist ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | mkdir ${HOME}/.pki | 19 | mkdir ${HOME}/.pki |
| 20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 21 | whitelist ${HOME}/.pki | 21 | whitelist ${HOME}/.pki |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | apparmor | 25 | apparmor |
| 26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile index 7458d9e10..56a0485cb 100644 --- a/etc/firefox-developer-edition.profile +++ b/etc/firefox-developer-edition.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # Description: Developer Edition of the popular Firefox web browser | 2 | # Description: Developer Edition of the popular Firefox web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/firefox-developer-edition.local | 5 | include firefox-developer-edition.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | # Redirect | 10 | # Redirect |
| 11 | include /etc/firejail/firefox.profile | 11 | include firefox.profile |
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile index 9821c7150..0ba04d9c1 100644 --- a/etc/firefox-esr.profile +++ b/etc/firefox-esr.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for firefox-esr | 1 | # Firejail profile for firefox-esr |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox-esr.local | 4 | include firefox-esr.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile index 302f6eb24..6f3838e33 100644 --- a/etc/firefox-nightly.profile +++ b/etc/firefox-nightly.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for firefox-nightly | 1 | # Firejail profile for firefox-nightly |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox-nightly.local | 4 | include firefox-nightly.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile index 806d50e31..e47ca32f9 100644 --- a/etc/firefox-wayland.profile +++ b/etc/firefox-wayland.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for firefox-wayland | 1 | # Firejail profile for firefox-wayland |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox-wayland.local | 4 | include firefox-wayland.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox.profile b/etc/firefox.profile index c968e964e..830bbc6a7 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Safe and easy web browser from Mozilla | 2 | # Description: Safe and easy web browser from Mozilla |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/firefox.local | 5 | include firefox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
| 10 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
| @@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla | |||
| 20 | #private-etc firefox | 20 | #private-etc firefox |
| 21 | 21 | ||
| 22 | # Redirect | 22 | # Redirect |
| 23 | include /etc/firejail/firefox-common.profile | 23 | include firefox-common.profile |
diff --git a/etc/flameshot.profile b/etc/flameshot.profile index e4987280a..7f626dce3 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Powerful yet simple-to-use screenshot software | 2 | # Description: Powerful yet simple-to-use screenshot software |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/flameshot.local | 5 | include flameshot.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 63f9d19a9..b841bce75 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for flashpeak-slimjet | 1 | # Firejail profile for flashpeak-slimjet |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/flashpeak-slimjet.local | 4 | include flashpeak-slimjet.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/slimjet | 8 | noblacklist ${HOME}/.cache/slimjet |
| 9 | noblacklist ${HOME}/.config/slimjet | 9 | noblacklist ${HOME}/.config/slimjet |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet | |||
| 14 | whitelist ${HOME}/.config/slimjet | 14 | whitelist ${HOME}/.config/slimjet |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index bc95a2b51..ecd50bcea 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Non-linear video editor | 2 | # Description: Non-linear video editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/flowblade.local | 5 | include flowblade.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/flowblade | 9 | noblacklist ${HOME}/.config/flowblade |
| 10 | noblacklist ${HOME}/.flowblade | 10 | noblacklist ${HOME}/.flowblade |
| @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile index 5fafef95a..c296c0491 100644 --- a/etc/fluxbox.profile +++ b/etc/fluxbox.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/fluxbox.local | 5 | include fluxbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
| 10 | noblacklist ${HOME}/.fluxbox | 10 | noblacklist ${HOME}/.fluxbox |
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 2ae80964d..7fac6f01b 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Font editor | 2 | # Description: Font editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/fontforge.local | 5 | include fontforge.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.FontForge | 9 | noblacklist ${HOME}/.FontForge |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| @@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 4316c0988..e821f6f65 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for fossamail | 1 | # Firejail profile for fossamail |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/fossamail.local | 4 | include fossamail.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/fossamail | 8 | noblacklist ${HOME}/.cache/fossamail |
| 9 | noblacklist ${HOME}/.fossamail | 9 | noblacklist ${HOME}/.fossamail |
| @@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg | |||
| 15 | whitelist ${HOME}/.cache/fossamail | 15 | whitelist ${HOME}/.cache/fossamail |
| 16 | whitelist ${HOME}/.fossamail | 16 | whitelist ${HOME}/.fossamail |
| 17 | whitelist ${HOME}/.gnupg | 17 | whitelist ${HOME}/.gnupg |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | # allow browsers | 20 | # allow browsers |
| 21 | # Redirect | 21 | # Redirect |
| 22 | include /etc/firejail/firefox.profile | 22 | include firefox.profile |
diff --git a/etc/franz.profile b/etc/franz.profile index fbe1c0f65..751784bea 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for franz | 1 | # Firejail profile for franz |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/franz.local | 4 | include franz.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/Franz | 8 | noblacklist ${HOME}/.cache/Franz |
| 9 | noblacklist ${HOME}/.config/Franz | 9 | noblacklist ${HOME}/.config/Franz |
| 10 | noblacklist ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.cache/Franz | 17 | mkdir ${HOME}/.cache/Franz |
| 18 | mkdir ${HOME}/.config/Franz | 18 | mkdir ${HOME}/.config/Franz |
| @@ -21,7 +21,7 @@ whitelist ${DOWNLOADS} | |||
| 21 | whitelist ${HOME}/.cache/Franz | 21 | whitelist ${HOME}/.cache/Franz |
| 22 | whitelist ${HOME}/.config/Franz | 22 | whitelist ${HOME}/.config/Franz |
| 23 | whitelist ${HOME}/.pki | 23 | whitelist ${HOME}/.pki |
| 24 | include /etc/firejail/whitelist-common.inc | 24 | include whitelist-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | netfilter | 27 | netfilter |
diff --git a/etc/freecad.profile b/etc/freecad.profile index 934f1d0fb..7585b9786 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Extensible Open Source CAx program | 2 | # Description: Extensible Open Source CAx program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/freecad.local | 5 | include freecad.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/FreeCAD | 9 | noblacklist ${HOME}/.config/FreeCAD |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile index f8bbff593..d98b05e65 100644 --- a/etc/freecadcmd.profile +++ b/etc/freecadcmd.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/freecad.profile | 6 | include freecad.profile |
diff --git a/etc/freshclam.profile b/etc/freshclam.profile index 4e224dd3e..f688ba47b 100644 --- a/etc/freshclam.profile +++ b/etc/freshclam.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/clamav.local | 5 | include clamav.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | caps.keep setgid,setuid | 10 | caps.keep setgid,setuid |
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 279e5d403..493d11da6 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Cool game where you pop out the bubbles | 2 | # Description: Cool game where you pop out the bubbles |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/frozen-bubble.local | 5 | include frozen-bubble.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.frozen-bubble | 9 | noblacklist ${HOME}/.frozen-bubble |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.frozen-bubble | 17 | mkdir ${HOME}/.frozen-bubble |
| 18 | whitelist ${HOME}/.frozen-bubble | 18 | whitelist ${HOME}/.frozen-bubble |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | net none | 23 | net none |
diff --git a/etc/gajim.profile b/etc/gajim.profile index 90ba59954..82ae53545 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: GTK+-based Jabber client | 2 | # Description: GTK+-based Jabber client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gajim.local | 5 | include gajim.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/gajim | 9 | noblacklist ${HOME}/.cache/gajim |
| 10 | noblacklist ${HOME}/.config/gajim | 10 | noblacklist ${HOME}/.config/gajim |
| @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | noblacklist /usr/lib64/python3* | 16 | noblacklist /usr/lib64/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | mkdir ${HOME}/.cache/gajim | 24 | mkdir ${HOME}/.cache/gajim |
| 25 | mkdir ${HOME}/.config/gajim | 25 | mkdir ${HOME}/.config/gajim |
| @@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim | |||
| 29 | whitelist ${HOME}/.config/gajim | 29 | whitelist ${HOME}/.config/gajim |
| 30 | whitelist ${HOME}/.local/share/gajim | 30 | whitelist ${HOME}/.local/share/gajim |
| 31 | whitelist ${HOME}/Downloads | 31 | whitelist ${HOME}/Downloads |
| 32 | include /etc/firejail/whitelist-common.inc | 32 | include whitelist-common.inc |
| 33 | 33 | ||
| 34 | caps.drop all | 34 | caps.drop all |
| 35 | netfilter | 35 | netfilter |
diff --git a/etc/galculator.profile b/etc/galculator.profile index 699fb7d78..d000015b3 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Scientific calculator | 2 | # Description: Scientific calculator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/galculator.local | 5 | include galculator.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/galculator | 9 | noblacklist ${HOME}/.config/galculator |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.config/galculator | 17 | mkdir ${HOME}/.config/galculator |
| 18 | whitelist ${HOME}/.config/galculator | 18 | whitelist ${HOME}/.config/galculator |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | apparmor | 22 | apparmor |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/gcloud.profile b/etc/gcloud.profile index 195dc9302..d800932bb 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for gcloud | 1 | # Firejail profile for gcloud |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gcloud.local | 4 | include gcloud.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.boto | 8 | noblacklist ${HOME}/.boto |
| 9 | noblacklist ${HOME}/.config/gcloud | 9 | noblacklist ${HOME}/.config/gcloud |
| 10 | noblacklist /var/run/docker.sock | 10 | noblacklist /var/run/docker.sock |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | apparmor | 16 | apparmor |
| 17 | caps.drop all | 17 | caps.drop all |
diff --git a/etc/geany.profile b/etc/geany.profile index d69bca1ad..7389f8e6c 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: Fast and lightweight IDE | 2 | # Description: Fast and lightweight IDE |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/geany.local | 5 | include geany.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/geany | 9 | noblacklist ${HOME}/.config/geany |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | netfilter | 16 | netfilter |
diff --git a/etc/geary.profile b/etc/geary.profile index 735206da2..a21eed9f1 100644 --- a/etc/geary.profile +++ b/etc/geary.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Lightweight email client designed for the GNOME desktop | 2 | # Description: Lightweight email client designed for the GNOME desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/geary.local | 5 | include geary.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Users have Geary set to open a browser by clicking a link in an email | 9 | # Users have Geary set to open a browser by clicking a link in an email |
| 10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
| @@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg | |||
| 20 | whitelist ${HOME}/.config/geary | 20 | whitelist ${HOME}/.config/geary |
| 21 | whitelist ${HOME}/.local/share/geary | 21 | whitelist ${HOME}/.local/share/geary |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | 24 | ||
| 25 | ignore nodbus | 25 | ignore nodbus |
| 26 | ignore private-tmp | 26 | ignore private-tmp |
| @@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list | |||
| 29 | 29 | ||
| 30 | # allow browsers | 30 | # allow browsers |
| 31 | # Redirect | 31 | # Redirect |
| 32 | include /etc/firejail/firefox.profile | 32 | include firefox.profile |
diff --git a/etc/gedit.profile b/etc/gedit.profile index 1a4d9634a..3d3ecfab2 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Official text editor of the GNOME desktop environment | 2 | # Description: Official text editor of the GNOME desktop environment |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gedit.local | 5 | include gedit.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
| 10 | noblacklist ${HOME}/.config/gedit | 10 | noblacklist ${HOME}/.config/gedit |
| 11 | noblacklist ${HOME}/.gitconfig | 11 | noblacklist ${HOME}/.gitconfig |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | # include /etc/firejail/disable-devel.inc | 14 | # include disable-devel.inc |
| 15 | # include /etc/firejail/disable-interpreters.inc | 15 | # include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
| 22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 3fbe245d6..a54ed16a2 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Image viewer using GTK+ | 2 | # Description: Image viewer using GTK+ |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/geeqie.local | 5 | include geeqie.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/geeqie | 9 | noblacklist ${HOME}/.cache/geeqie |
| 10 | noblacklist ${HOME}/.config/geeqie | 10 | noblacklist ${HOME}/.config/geeqie |
| 11 | noblacklist ${HOME}/.local/share/geeqie | 11 | noblacklist ${HOME}/.local/share/geeqie |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | nodvd | 20 | nodvd |
diff --git a/etc/ghb.profile b/etc/ghb.profile index de6244a32..1cb09ddde 100644 --- a/etc/ghb.profile +++ b/etc/ghb.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/handbrake.profile | 6 | include handbrake.profile |
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.10.profile +++ b/etc/gimp-2.10.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/gimp.profile | 6 | include gimp.profile |
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.8.profile +++ b/etc/gimp-2.8.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/gimp.profile | 6 | include gimp.profile |
diff --git a/etc/gimp.profile b/etc/gimp.profile index fa27d2cea..0e52f54eb 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: GNU Image Manipulation Program | 2 | # Description: GNU Image Manipulation Program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gimp.local | 5 | include gimp.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
| 10 | noblacklist ${HOME}/.gimp* | 10 | noblacklist ${HOME}/.gimp* |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | noblacklist ${PICTURES} | 12 | noblacklist ${PICTURES} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | apparmor | 21 | apparmor |
| 22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/git.profile b/etc/git.profile index 9c8d22fd3..c3fd6fe94 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
| @@ -3,9 +3,9 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/git.local | 6 | include git.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| @@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh | |||
| 17 | noblacklist ${HOME}/.vim | 17 | noblacklist ${HOME}/.vim |
| 18 | noblacklist ${HOME}/.viminfo | 18 | noblacklist ${HOME}/.viminfo |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/gitg.profile b/etc/gitg.profile index 87d8c0a1f..c0634c231 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Git repository viewer | 2 | # Description: Git repository viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gitg.local | 5 | include gitg.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.gitconfig | 9 | noblacklist ${HOME}/.gitconfig |
| 10 | noblacklist ${HOME}/.local/share/gitg | 10 | noblacklist ${HOME}/.local/share/gitg |
| 11 | noblacklist ${HOME}/.ssh | 11 | noblacklist ${HOME}/.ssh |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | no3d | 22 | no3d |
diff --git a/etc/gitter.profile b/etc/gitter.profile index b5bedb66d..5278f7a71 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for gitter | 1 | # Firejail profile for gitter |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gitter.local | 4 | include gitter.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
| 9 | noblacklist ${HOME}/.config/Gitter | 9 | noblacklist ${HOME}/.config/Gitter |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.config/autostart | 18 | whitelist ${HOME}/.config/autostart |
| 19 | whitelist ${HOME}/.config/Gitter | 19 | whitelist ${HOME}/.config/Gitter |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | machine-id | 23 | machine-id |
diff --git a/etc/gjs.profile b/etc/gjs.profile index a603ad695..5e3370066 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Mozilla-based javascript bindings for the GNOME platform | 2 | # Description: Mozilla-based javascript bindings for the GNOME platform |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gjs.local | 5 | include gjs.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 10 | 10 | ||
| @@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books | |||
| 13 | noblacklist ${HOME}/.config/libreoffice | 13 | noblacklist ${HOME}/.config/libreoffice |
| 14 | noblacklist ${HOME}/.local/share/gnome-photos | 14 | noblacklist ${HOME}/.local/share/gnome-photos |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index e414abf8c..44b17eace 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for globaltime | 1 | # Firejail profile for globaltime |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/globaltime.local | 4 | include globaltime.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/globaltime | 8 | noblacklist ${HOME}/.config/globaltime |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 62b67b942..166669a19 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Sliding tile puzzle game | 2 | # Description: Sliding tile puzzle game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-2048.local | 5 | include gnome-2048.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/gnome-2048 | 9 | noblacklist ${HOME}/.local/share/gnome-2048 |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | mkdir ${HOME}/.local/share/gnome-2048 | 19 | mkdir ${HOME}/.local/share/gnome-2048 |
| 20 | whitelist ${HOME}/.local/share/gnome-2048 | 20 | whitelist ${HOME}/.local/share/gnome-2048 |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6fc2671d8..a55b3f574 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for gnome-books | 1 | # Firejail profile for gnome-books |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gnome-books.local | 4 | include gnome-books.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index 3b7e3d53a..70bbd53bd 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile | |||
| @@ -2,14 +2,14 @@ | |||
| 2 | # Description: IDE for GNOME | 2 | # Description: IDE for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-builder.local | 5 | include gnome-builder.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | 13 | ||
| 14 | caps.drop all | 14 | caps.drop all |
| 15 | ipc-namespace | 15 | ipc-namespace |
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 315564ee5..3a2aa5c1d 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
| @@ -3,19 +3,19 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/gnome-calculator.local | 6 | include gnome-calculator.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | # apparmor - makes settings immutable | 20 | # apparmor - makes settings immutable |
| 21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 74194cb33..4dfbbba0c 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Simple chess game | 2 | # Description: Simple chess game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-chess.local | 5 | include gnome-chess.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/gnome-chess | 9 | noblacklist ${HOME}/.local/share/gnome-chess |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | no3d | 21 | no3d |
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index a914c302f..a6514f44f 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Simple GNOME app with stopwatch, timer, and world clock support | 2 | # Description: Simple GNOME app with stopwatch, timer, and world clock support |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-clocks.local | 5 | include gnome-clocks.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 91593c89b..22121fda8 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Contacts manager for GNOME | 2 | # Description: Contacts manager for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-contacts.local | 5 | include gnome-contacts.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 44886d562..abb9c7304 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Document manager for GNOME | 2 | # Description: Document manager for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-documents.local | 5 | include gnome-documents.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.config/libreoffice | 11 | noblacklist ${HOME}/.config/libreoffice |
| 12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index e11d6eb5d..a9793b7b3 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Font viewer for GNOME | 2 | # Description: Font viewer for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-font-viewer.local | 5 | include gnome-font-viewer.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index edb895794..613a56350 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Viewer for the systemd journal | 2 | # Description: Viewer for the systemd journal |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-logs.local | 5 | include gnome-logs.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
| 15 | 15 | ||
| 16 | whitelist /var/log/journal | 16 | whitelist /var/log/journal |
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index f8ff61d84..62a1241cc 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Map application for GNOME | 2 | # Description: Map application for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-maps.local | 5 | include gnome-maps.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.cache/champlain | 11 | noblacklist ${HOME}/.cache/champlain |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 9ba4969e5..96adf7a5c 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: GTK/Gnome interface around MPlayer | 2 | # Description: GTK/Gnome interface around MPlayer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-mplayer.local | 5 | include gnome-mplayer.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/gnome-mplayer | 9 | noblacklist ${HOME}/.config/gnome-mplayer |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | nogroups | 21 | nogroups |
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile index 84a70c4c5..3d04470b7 100644 --- a/etc/gnome-mpv.profile +++ b/etc/gnome-mpv.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Simple GTK+ frontend for mpv | 2 | # Description: Simple GTK+ frontend for mpv |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-mpv.local | 5 | include gnome-mpv.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/gnome-mpv | 9 | noblacklist ${HOME}/.config/gnome-mpv |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | nodbus | 23 | nodbus |
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 819c40c98..b902f51bc 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: GNOME music player | 2 | # Description: GNOME music player |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-music.local | 5 | include gnome-music.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/gnome-music | 9 | noblacklist ${HOME}/.local/share/gnome-music |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| @@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 5a3ac53d8..8b982156b 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Access, organize and share your photos with GNOME | 2 | # Description: Access, organize and share your photos with GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-photos.local | 5 | include gnome-photos.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.local/share/gnome-photos | 11 | noblacklist ${HOME}/.local/share/gnome-photos |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile index 41f6de346..cef741eb3 100644 --- a/etc/gnome-pie.profile +++ b/etc/gnome-pie.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Alternative AppMenu | 2 | # Description: Alternative AppMenu |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-pie.local | 5 | include gnome-pie.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/gnome-pie | 9 | noblacklist ${HOME}/.config/gnome-pie |
| 10 | 10 | ||
| 11 | #include /etc/firejail/disable-common.inc | 11 | #include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | #include /etc/firejail/disable-interpreters.inc | 13 | #include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | #include /etc/firejail/disable-programs.inc | 15 | #include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index ed6d341eb..867ea8561 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Recipe application for GNOME | 2 | # Description: Recipe application for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-recipes.local | 5 | include gnome-recipes.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.local/share/gnome-recipes | 10 | noblacklist ${HOME}/.local/share/gnome-recipes |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/gnome-recipes | 18 | mkdir ${HOME}/.cache/gnome-recipes |
| 19 | whitelist ${HOME}/.cache/gnome-recipes | 19 | whitelist ${HOME}/.cache/gnome-recipes |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile index cbc79320e..f660df690 100644 --- a/etc/gnome-ring.profile +++ b/etc/gnome-ring.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for gnome-ring | 1 | # Firejail profile for gnome-ring |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gnome-ring.local | 4 | include gnome-ring.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.local/share/gnome-ring | 8 | noblacklist ${HOME}/.local/share/gnome-ring |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index e670ba22f..2016f6c6e 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash | 2 | # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-twitch.local | 5 | include gnome-twitch.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/gnome-twitch | 9 | noblacklist ${HOME}/.cache/gnome-twitch |
| 10 | noblacklist ${HOME}/.local/share/gnome-twitch | 10 | noblacklist ${HOME}/.local/share/gnome-twitch |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/gnome-twitch | 18 | mkdir ${HOME}/.cache/gnome-twitch |
| 19 | mkdir ${HOME}/.local/share/gnome-twitch | 19 | mkdir ${HOME}/.local/share/gnome-twitch |
| 20 | whitelist ${HOME}/.cache/gnome-twitch | 20 | whitelist ${HOME}/.cache/gnome-twitch |
| 21 | whitelist ${HOME}/.local/share/gnome-twitch | 21 | whitelist ${HOME}/.local/share/gnome-twitch |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | nodvd | 25 | nodvd |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 4d28278b1..f1035ce7e 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Access current conditions and forecasts | 2 | # Description: Access current conditions and forecasts |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gnome-weather.local | 5 | include gnome-weather.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/goobox.profile b/etc/goobox.profile index ba949f1c9..32cfc2f58 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: CD player and ripper with GNOME 3 integration | 2 | # Description: CD player and ripper with GNOME 3 integration |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/goobox.local | 5 | include goobox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index ab16558ea..73101f509 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for google-chrome-beta | 1 | # Firejail profile for google-chrome-beta |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/google-chrome-beta.local | 4 | include google-chrome-beta.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/google-chrome-beta | 8 | noblacklist ${HOME}/.cache/google-chrome-beta |
| 9 | noblacklist ${HOME}/.config/google-chrome-beta | 9 | noblacklist ${HOME}/.config/google-chrome-beta |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta | |||
| 14 | whitelist ${HOME}/.config/google-chrome-beta | 14 | whitelist ${HOME}/.config/google-chrome-beta |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile index 6ade19021..55868e0b7 100644 --- a/etc/google-chrome-stable.profile +++ b/etc/google-chrome-stable.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/google-chrome.profile | 6 | include google-chrome.profile |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index b7d0eccf3..50e9923aa 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for google-chrome-unstable | 1 | # Firejail profile for google-chrome-unstable |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/google-chrome-unstable.local | 4 | include google-chrome-unstable.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/google-chrome-unstable | 8 | noblacklist ${HOME}/.cache/google-chrome-unstable |
| 9 | noblacklist ${HOME}/.config/google-chrome-unstable | 9 | noblacklist ${HOME}/.config/google-chrome-unstable |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable | |||
| 14 | whitelist ${HOME}/.config/google-chrome-unstable | 14 | whitelist ${HOME}/.config/google-chrome-unstable |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6e44190ae..c69e98271 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for google-chrome | 1 | # Firejail profile for google-chrome |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/google-chrome.local | 4 | include google-chrome.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/google-chrome | 8 | noblacklist ${HOME}/.cache/google-chrome |
| 9 | noblacklist ${HOME}/.config/google-chrome | 9 | noblacklist ${HOME}/.config/google-chrome |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome | |||
| 14 | whitelist ${HOME}/.config/google-chrome | 14 | whitelist ${HOME}/.config/google-chrome |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-earth.profile b/etc/google-earth.profile index bafa716d1..7e261ecc7 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for google-earth | 1 | # Firejail profile for google-earth |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/google-earth.local | 4 | include google-earth.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
| 9 | noblacklist ${HOME}/.googleearth/Cache/ | 9 | noblacklist ${HOME}/.googleearth/Cache/ |
| @@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/ | |||
| 11 | noblacklist ${HOME}/.googleearth/myplaces.backup.kml | 11 | noblacklist ${HOME}/.googleearth/myplaces.backup.kml |
| 12 | noblacklist ${HOME}/.googleearth/myplaces.kml | 12 | noblacklist ${HOME}/.googleearth/myplaces.kml |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | mkdir ${HOME}/.config/Google | 20 | mkdir ${HOME}/.config/Google |
| 21 | mkdir ${HOME}/.googleearth/Cache/ | 21 | mkdir ${HOME}/.googleearth/Cache/ |
| @@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/ | |||
| 27 | whitelist ${HOME}/.googleearth/Temp/ | 27 | whitelist ${HOME}/.googleearth/Temp/ |
| 28 | whitelist ${HOME}/.googleearth/myplaces.backup.kml | 28 | whitelist ${HOME}/.googleearth/myplaces.backup.kml |
| 29 | whitelist ${HOME}/.googleearth/myplaces.kml | 29 | whitelist ${HOME}/.googleearth/myplaces.kml |
| 30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
| 31 | 31 | ||
| 32 | caps.drop all | 32 | caps.drop all |
| 33 | ipc-namespace | 33 | ipc-namespace |
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 7a19cc676..73041bada 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for google-play-music-desktop-player | 1 | # Firejail profile for google-play-music-desktop-player |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/google-play-music-desktop-player.local | 4 | include google-play-music-desktop-player.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Google Play Music Desktop Player | 8 | noblacklist ${HOME}/.config/Google Play Music Desktop Player |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | # whitelist ${HOME}/.config/pulse | 16 | # whitelist ${HOME}/.config/pulse |
| 17 | # whitelist ${HOME}/.pulse | 17 | # whitelist ${HOME}/.pulse |
| 18 | whitelist ${HOME}/.config/Google Play Music Desktop Player | 18 | whitelist ${HOME}/.config/Google Play Music Desktop Player |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/gpa.profile b/etc/gpa.profile index c890beb2e..d8083fc96 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: GNU Privacy Assistant (GPA) | 2 | # Description: GNU Privacy Assistant (GPA) |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gpa.local | 5 | include gpa.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 0cc17b366..73a587136 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: GNU privacy guard - cryptographic agent | 2 | # Description: GNU privacy guard - cryptographic agent |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gpg-agent.local | 5 | include gpg-agent.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/gpg.profile b/etc/gpg.profile index 259a95807..a801d7d09 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: GNU Privacy Guard -- minimalist public key operations | 2 | # Description: GNU Privacy Guard -- minimalist public key operations |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gpg.local | 5 | include gpg.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 04aecc782..8f4b64cfc 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Lightweight image viewer | 2 | # Description: Lightweight image viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gpicview.local | 5 | include gpicview.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/gpicview | 9 | noblacklist ${HOME}/.config/gpicview |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ea60e7287..760a647ba 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Satellite tracking program | 2 | # Description: Satellite tracking program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gpredict.local | 5 | include gpredict.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Gpredict | 9 | noblacklist ${HOME}/.config/Gpredict |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${HOME}/.config/Gpredict | 17 | whitelist ${HOME}/.config/Gpredict |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/gradio.profile b/etc/gradio.profile index bba92a0bc..e7f415090 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile | |||
| @@ -1,25 +1,25 @@ | |||
| 1 | # Firejail profile for gradio | 1 | # Firejail profile for gradio |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gradio.local | 4 | include gradio.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/gradio | 8 | noblacklist ${HOME}/.cache/gradio |
| 9 | noblacklist ${HOME}/.local/share/gradio | 9 | noblacklist ${HOME}/.local/share/gradio |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.cache/gradio | 17 | mkdir ${HOME}/.cache/gradio |
| 18 | mkdir ${HOME}/.local/share/gradio | 18 | mkdir ${HOME}/.local/share/gradio |
| 19 | whitelist ${HOME}/.cache/gradio | 19 | whitelist ${HOME}/.cache/gradio |
| 20 | whitelist ${HOME}/.local/share/gradio | 20 | whitelist ${HOME}/.local/share/gradio |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/gtar.profile b/etc/gtar.profile index d4bf18f95..12acb8356 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/tar.profile | 6 | include tar.profile |
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 6c4de8bf0..e08ebcdcd 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Image viewer and browser | 2 | # Description: Image viewer and browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gthumb.local | 5 | include gthumb.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/gthumb | 9 | noblacklist ${HOME}/.config/gthumb |
| 10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
| 11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | nodvd | 20 | nodvd |
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 775c79521..0b83ea250 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for guayadeque | 1 | # Firejail profile for guayadeque |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/guayadeque.local | 4 | include guayadeque.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.guayadeque | 8 | noblacklist ${HOME}/.guayadeque |
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 88e441b14..978757612 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Unicode character picker and font browser | 2 | # Description: Unicode character picker and font browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gucharmap.local | 5 | include gucharmap.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/gunzip.profile b/etc/gunzip.profile index 8ea523df7..fe35f8fe7 100644 --- a/etc/gunzip.profile +++ b/etc/gunzip.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for gunzip | 1 | # Firejail profile for gunzip |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/gunzip.local | 4 | include gunzip.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Redirect | 8 | # Redirect |
| 9 | include /etc/firejail/gzip.profile | 9 | include gzip.profile |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index cf9b27e0f..f2bf94209 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Image viewer | 2 | # Description: Image viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/gwenview.local | 5 | include gwenview.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
| 10 | noblacklist ${HOME}/.config/gwenviewrc | 10 | noblacklist ${HOME}/.config/gwenviewrc |
| @@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc | |||
| 17 | noblacklist ${HOME}/.local/share/gwenview | 17 | noblacklist ${HOME}/.local/share/gwenview |
| 18 | noblacklist ${HOME}/.local/share/org.kde.gwenview | 18 | noblacklist ${HOME}/.local/share/org.kde.gwenview |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | apparmor | 28 | apparmor |
| 29 | caps.drop all | 29 | caps.drop all |
diff --git a/etc/gzip.profile b/etc/gzip.profile index 9157d398a..4a24736a7 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/gzip.local | 6 | include gzip.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -23,4 +23,4 @@ tracelog | |||
| 23 | 23 | ||
| 24 | private-dev | 24 | private-dev |
| 25 | 25 | ||
| 26 | include /etc/firejail/default.profile | 26 | include default.profile |
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile index de6244a32..1cb09ddde 100644 --- a/etc/handbrake-gtk.profile +++ b/etc/handbrake-gtk.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/handbrake.profile | 6 | include handbrake.profile |
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 32da097ce..57f706d72 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Versatile DVD ripper and video transcoder (GTK+ GUI) | 2 | # Description: Versatile DVD ripper and video transcoder (GTK+ GUI) |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/handbrake.local | 5 | include handbrake.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/ghb | 9 | noblacklist ${HOME}/.config/ghb |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | apparmor | 22 | apparmor |
| 23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 8bc861dde..353f9e638 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
| @@ -3,20 +3,20 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/hashcat.local | 6 | include hashcat.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.hashcat | 10 | noblacklist ${HOME}/.hashcat |
| 11 | noblacklist /usr/include | 11 | noblacklist /usr/include |
| 12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 542771639..39309f482 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Funny turn-based artillery game, featuring fighting hedgehogs | 2 | # Description: Funny turn-based artillery game, featuring fighting hedgehogs |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/hedgewars.local | 5 | include hedgewars.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.hedgewars | 9 | noblacklist ${HOME}/.hedgewars |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.hedgewars | 17 | mkdir ${HOME}/.hedgewars |
| 18 | whitelist ${HOME}/.hedgewars | 18 | whitelist ${HOME}/.hedgewars |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index a2c163e6a..ffe7909c2 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: IRC client for X based on X-Chat 2 | 2 | # Description: IRC client for X based on X-Chat 2 |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/hexchat.local | 5 | include hexchat.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/hexchat | 9 | noblacklist ${HOME}/.config/hexchat |
| 10 | noblacklist /usr/share/perl* | 10 | noblacklist /usr/share/perl* |
| @@ -15,16 +15,16 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | mkdir ${HOME}/.config/hexchat | 24 | mkdir ${HOME}/.config/hexchat |
| 25 | whitelist ${HOME}/.config/hexchat | 25 | whitelist ${HOME}/.config/hexchat |
| 26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | machine-id | 30 | machine-id |
diff --git a/etc/highlight.profile b/etc/highlight.profile index d313f2769..2dc8ac470 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Universal source code to formatted text converter | 2 | # Description: Universal source code to formatted text converter |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/highlight.local | 5 | include highlight.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/hugin.profile b/etc/hugin.profile index 35505c698..1b345fdc2 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Panorama photo stitcher | 2 | # Description: Panorama photo stitcher |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/hugin.local | 5 | include hugin.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.hugin | 9 | noblacklist ${HOME}/.hugin |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | net none | 21 | net none |
diff --git a/etc/i3.profile b/etc/i3.profile index efbc1f6e7..c1ca0e413 100644 --- a/etc/i3.profile +++ b/etc/i3.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/i3.local | 5 | include i3.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
| 10 | noblacklist ${HOME}/.config/i3 | 10 | noblacklist ${HOME}/.config/i3 |
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/icecat.profile b/etc/icecat.profile index 42e762c21..660343a29 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for icecat | 1 | # Firejail profile for icecat |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/icecat.local | 4 | include icecat.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
| 9 | noblacklist ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
| @@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla | |||
| 17 | #private-etc icecat | 17 | #private-etc icecat |
| 18 | 18 | ||
| 19 | # Redirect | 19 | # Redirect |
| 20 | include /etc/firejail/firefox-common.profile | 20 | include firefox-common.profile |
diff --git a/etc/icedove.profile b/etc/icedove.profile index 80cff3878..a66309bf1 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for icedove | 1 | # Firejail profile for icedove |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/icedove.local | 4 | include icedove.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Users have icedove set to open a browser by clicking a link in an email | 8 | # Users have icedove set to open a browser by clicking a link in an email |
| 9 | # We are not allowed to blacklist browser-specific directories | 9 | # We are not allowed to blacklist browser-specific directories |
| @@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove | |||
| 18 | whitelist ${HOME}/.cache/icedove | 18 | whitelist ${HOME}/.cache/icedove |
| 19 | whitelist ${HOME}/.gnupg | 19 | whitelist ${HOME}/.gnupg |
| 20 | whitelist ${HOME}/.icedove | 20 | whitelist ${HOME}/.icedove |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | ignore private-tmp | 23 | ignore private-tmp |
| 24 | 24 | ||
| 25 | # allow browsers | 25 | # allow browsers |
| 26 | # Redirect | 26 | # Redirect |
| 27 | include /etc/firejail/firefox.profile | 27 | include firefox.profile |
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 51f15aa1b..24a2f4cc3 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for iceweasel | 1 | # Firejail profile for iceweasel |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/iceweasel.local | 4 | include iceweasel.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # private-etc must first be enabled in firefox-common.profile | 8 | # private-etc must first be enabled in firefox-common.profile |
| 9 | #private-etc iceweasel | 9 | #private-etc iceweasel |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/firefox.profile | 12 | include firefox.profile |
diff --git a/etc/idea.profile b/etc/idea.profile index 623d71734..d56dceb71 100644 --- a/etc/idea.profile +++ b/etc/idea.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for idea | 1 | # Firejail profile for idea |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/idea.local | 4 | include idea.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 06328ccbf..1c1158707 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for idea.sh | 1 | # Firejail profile for idea.sh |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/idea.sh.local | 4 | include idea.sh.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.IdeaIC* | 8 | noblacklist ${HOME}/.IdeaIC* |
| 9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
| @@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
| 16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
| 17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile index f7a69fa94..b960b08e5 100644 --- a/etc/ideaIC.profile +++ b/etc/ideaIC.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for ideaIC | 1 | # Firejail profile for ideaIC |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ideaIC.local | 4 | include ideaIC.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/imagej.profile b/etc/imagej.profile index 4de064390..9fff11d31 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Image processing program with a focus on microscopy images | 2 | # Description: Image processing program with a focus on microscopy images |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/imagej.local | 5 | include imagej.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.imagej | 9 | noblacklist ${HOME}/.imagej |
| 10 | 10 | ||
| @@ -14,11 +14,11 @@ noblacklist /usr/lib/java | |||
| 14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
| 15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index c9ee18f80..63ce645a5 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for img2txt | 1 | # Firejail profile for img2txt |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/img2txt.local | 4 | include img2txt.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
| 9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | net none | 19 | net none |
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 56fdfd081..afd979327 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Vector-based drawing program | 2 | # Description: Vector-based drawing program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/inkscape.local | 5 | include inkscape.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/inkscape | 9 | noblacklist ${HOME}/.cache/inkscape |
| 10 | noblacklist ${HOME}/.config/inkscape | 10 | noblacklist ${HOME}/.config/inkscape |
| @@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape | |||
| 12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
| 13 | noblacklist ${PICTURES} | 13 | noblacklist ${PICTURES} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | apparmor | 24 | apparmor |
| 25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/inox.profile b/etc/inox.profile index 652761c54..1b3db73b4 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for inox | 1 | # Firejail profile for inox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/inox.local | 4 | include inox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/inox | 8 | noblacklist ${HOME}/.cache/inox |
| 9 | noblacklist ${HOME}/.config/inox | 9 | noblacklist ${HOME}/.config/inox |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox | |||
| 14 | whitelist ${HOME}/.config/inox | 14 | whitelist ${HOME}/.config/inox |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile index 1baa07cb7..0a6418d5c 100644 --- a/etc/iridium-browser.profile +++ b/etc/iridium-browser.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/iridium.profile | 6 | include iridium.profile |
diff --git a/etc/iridium.profile b/etc/iridium.profile index 2869c3070..ebb39b0a3 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for iridium | 1 | # Firejail profile for iridium |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/iridium.local | 4 | include iridium.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/iridium | 8 | noblacklist ${HOME}/.cache/iridium |
| 9 | noblacklist ${HOME}/.config/iridium | 9 | noblacklist ${HOME}/.config/iridium |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium | |||
| 14 | whitelist ${HOME}/.config/iridium | 14 | whitelist ${HOME}/.config/iridium |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/itch.profile b/etc/itch.profile index 2ad669952..83ee20f23 100644 --- a/etc/itch.profile +++ b/etc/itch.profile | |||
| @@ -1,24 +1,24 @@ | |||
| 1 | # Firejail profile for itch | 1 | # Firejail profile for itch |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/itch.local | 4 | include itch.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
| 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.config/itch | 11 | noblacklist ${HOME}/.config/itch |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | mkdir ${HOME}/.config/itch | 19 | mkdir ${HOME}/.config/itch |
| 20 | whitelist ${HOME}/.config/itch | 20 | whitelist ${HOME}/.config/itch |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 3a280dab7..65b6e3c5b 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for jd-gui | 1 | # Firejail profile for jd-gui |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/jd-gui.local | 4 | include jd-gui.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | noblacklist ${HOME}/.config/jd-gui.cfg |
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| @@ -14,14 +14,14 @@ noblacklist /usr/lib/java | |||
| 14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
| 15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | net none | 27 | net none |
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile index dbcc85e8d..037d92338 100644 --- a/etc/jdownloader.profile +++ b/etc/jdownloader.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for jdownloader | 1 | # Firejail profile for jdownloader |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/jdownloader.local | 4 | include jdownloader.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/JDownloader.profile | 10 | include JDownloader.profile |
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index b3b09f4b1..5a575bb71 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for jitsi | 1 | # Firejail profile for jitsi |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/jitsi.local | 4 | include jitsi.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
| 9 | 9 | ||
| @@ -13,11 +13,11 @@ noblacklist /usr/lib/java | |||
| 13 | noblacklist /etc/java | 13 | noblacklist /etc/java |
| 14 | noblacklist /usr/share/java | 14 | noblacklist /usr/share/java |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | nodvd | 23 | nodvd |
diff --git a/etc/k3b.profile b/etc/k3b.profile index 6b4c15560..8c599d0ca 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Sophisticated CD/DVD burning application | 2 | # Description: Sophisticated CD/DVD burning application |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/k3b.local | 5 | include k3b.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/k3brc | 9 | noblacklist ${HOME}/.config/k3brc |
| 10 | noblacklist ${HOME}/.kde/share/config/k3brc | 10 | noblacklist ${HOME}/.kde/share/config/k3brc |
| 11 | noblacklist ${HOME}/.kde4/share/config/k3brc | 11 | noblacklist ${HOME}/.kde4/share/config/k3brc |
| 12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | no3d | 24 | no3d |
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index 204c20501..3e9456ba0 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Versatile media player for KDE | 2 | # Description: Versatile media player for KDE |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kaffeine.local | 5 | include kaffeine.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/kaffeinerc | 9 | noblacklist ${HOME}/.config/kaffeinerc |
| 10 | noblacklist ${HOME}/.kde/share/apps/kaffeine | 10 | noblacklist ${HOME}/.kde/share/apps/kaffeine |
| @@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/kaffeine | |||
| 15 | noblacklist ${MUSIC} | 15 | noblacklist ${MUSIC} |
| 16 | noblacklist ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/karbon.profile b/etc/karbon.profile index 3525a3e06..e9e3c2a69 100644 --- a/etc/karbon.profile +++ b/etc/karbon.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/krita.profile | 6 | include krita.profile |
diff --git a/etc/kate.profile b/etc/kate.profile index 8a53a56a8..e0aa78b26 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Powerful text editor | 2 | # Description: Powerful text editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kate.local | 5 | include kate.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/katemetainfos | 9 | noblacklist ${HOME}/.config/katemetainfos |
| 10 | noblacklist ${HOME}/.config/katepartrc | 10 | noblacklist ${HOME}/.config/katepartrc |
| @@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc | |||
| 14 | noblacklist ${HOME}/.config/katevirc | 14 | noblacklist ${HOME}/.config/katevirc |
| 15 | noblacklist ${HOME}/.local/share/kate | 15 | noblacklist ${HOME}/.local/share/kate |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | # include /etc/firejail/disable-devel.inc | 18 | # include disable-devel.inc |
| 19 | # include /etc/firejail/disable-interpreters.inc | 19 | # include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | # apparmor | 25 | # apparmor |
| 26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 20ad8f23a..03df23ec1 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: Simple and scientific calculator | 2 | # Description: Simple and scientific calculator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kcalc.local | 5 | include kcalc.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkfile ${HOME}/.config/kcalcrc | 16 | mkfile ${HOME}/.config/kcalcrc |
| 17 | mkfile ${HOME}/.kde/share/config/kcalcrc | 17 | mkfile ${HOME}/.kde/share/config/kcalcrc |
| @@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc | |||
| 19 | whitelist ${HOME}/.config/kcalcrc | 19 | whitelist ${HOME}/.config/kcalcrc |
| 20 | whitelist ${HOME}/.kde/share/config/kcalcrc | 20 | whitelist ${HOME}/.kde/share/config/kcalcrc |
| 21 | whitelist ${HOME}/.kde4/share/config/kcalcrc | 21 | whitelist ${HOME}/.kde4/share/config/kcalcrc |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | apparmor | 25 | apparmor |
| 26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index 76de15ccf..f853b1812 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for kdeinit4 | 1 | # Firejail profile for kdeinit4 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/kdeinit4.local | 4 | include kdeinit4.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # use outside KDE Plasma 4 | 8 | # use outside KDE Plasma 4 |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 4aca10995..1d7b2ff53 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Non-linear video editor | 2 | # Description: Non-linear video editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kdenlive.local | 5 | include kdenlive.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/kdenlive | 9 | noblacklist ${HOME}/.cache/kdenlive |
| 10 | noblacklist ${HOME}/.config/kdenliverc | 10 | noblacklist ${HOME}/.config/kdenliverc |
| 11 | noblacklist ${HOME}/.local/share/kdenlive | 11 | noblacklist ${HOME}/.local/share/kdenlive |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | apparmor | 19 | apparmor |
| 20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/keepass.profile b/etc/keepass.profile index e27248357..96b522f17 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: An easy-to-use password manager | 2 | # Description: An easy-to-use password manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/keepass.local | 5 | include keepass.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
| 10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
| @@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass | |||
| 15 | noblacklist ${HOME}/.local/share/keepass | 15 | noblacklist ${HOME}/.local/share/keepass |
| 16 | noblacklist ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/keepass2.profile b/etc/keepass2.profile index d29fc6abc..9e33e08db 100644 --- a/etc/keepass2.profile +++ b/etc/keepass2.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/keepass.profile | 6 | include keepass.profile |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 94aaa5597..eb8d2e235 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Cross Platform Password Manager | 2 | # Description: Cross Platform Password Manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/keepassx.local | 5 | include keepassx.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
| 10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
| @@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx | |||
| 12 | noblacklist ${HOME}/.keepassx | 12 | noblacklist ${HOME}/.keepassx |
| 13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | machine-id | 25 | machine-id |
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 4e74c2cea..fdd27e9f9 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | 4 | ||
| 5 | # Redirects | 5 | # Redirects |
| 6 | include /etc/firejail/keepassx.profile | 6 | include keepassx.profile |
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index a00d17878..bb0ec602f 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Cross Platform Password Manager | 2 | # Description: Cross Platform Password Manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/keepassxc.local | 5 | include keepassxc.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
| 10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
| @@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc | |||
| 14 | noblacklist ${HOME}/.mozilla | 14 | noblacklist ${HOME}/.mozilla |
| 15 | noblacklist ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | machine-id | 27 | machine-id |
diff --git a/etc/kget.profile b/etc/kget.profile index a32b51626..582b297f9 100644 --- a/etc/kget.profile +++ b/etc/kget.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Download manager | 2 | # Description: Download manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kget.local | 5 | include kget.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
| 10 | noblacklist ${HOME}/.kde/share/apps/kget | 10 | noblacklist ${HOME}/.kde/share/apps/kget |
| @@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget | |||
| 13 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 13 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
| 14 | noblacklist ${HOME}/.local/share/kget | 14 | noblacklist ${HOME}/.local/share/kget |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/kino.profile b/etc/kino.profile index cda86ddc6..31613259c 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Non-linear editor for Digital Video data | 2 | # Description: Non-linear editor for Digital Video data |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kino.local | 5 | include kino.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.kino-history | 9 | noblacklist ${HOME}/.kino-history |
| 10 | noblacklist ${HOME}/.kinorc | 10 | noblacklist ${HOME}/.kinorc |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/kmail.profile b/etc/kmail.profile index 308a981f7..89c591280 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Full featured graphical email client | 2 | # Description: Full featured graphical email client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kmail.local | 5 | include kmail.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
| 10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
| @@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail | |||
| 29 | noblacklist ${HOME}/.local/share/notes | 29 | noblacklist ${HOME}/.local/share/notes |
| 30 | noblacklist /tmp/akonadi-* | 30 | noblacklist /tmp/akonadi-* |
| 31 | 31 | ||
| 32 | include /etc/firejail/disable-common.inc | 32 | include disable-common.inc |
| 33 | include /etc/firejail/disable-devel.inc | 33 | include disable-devel.inc |
| 34 | include /etc/firejail/disable-interpreters.inc | 34 | include disable-interpreters.inc |
| 35 | include /etc/firejail/disable-passwdmgr.inc | 35 | include disable-passwdmgr.inc |
| 36 | include /etc/firejail/disable-programs.inc | 36 | include disable-programs.inc |
| 37 | 37 | ||
| 38 | include /etc/firejail/whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
| 39 | 39 | ||
| 40 | # apparmor | 40 | # apparmor |
| 41 | caps.drop all | 41 | caps.drop all |
diff --git a/etc/knotes.profile b/etc/knotes.profile index 147d2d831..e7ea04873 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Sticky notes application | 2 | # Description: Sticky notes application |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/knotes.local | 5 | include knotes.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # knotes has problems launching akonadi in debian and ubuntu. | 9 | # knotes has problems launching akonadi in debian and ubuntu. |
| 10 | # one solution is to have akonadi already running when knotes is started | 10 | # one solution is to have akonadi already running when knotes is started |
| @@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes | |||
| 14 | 14 | ||
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/kmail.profile | 17 | include kmail.profile |
diff --git a/etc/kodi.profile b/etc/kodi.profile index 9dd7770ad..f02dec787 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Open Source Home Theatre | 2 | # Description: Open Source Home Theatre |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kodi.local | 5 | include kodi.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.kodi | 9 | noblacklist ${HOME}/.kodi |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | apparmor | 29 | apparmor |
| 30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/konversation.profile b/etc/konversation.profile index b66f40600..dff8bbab4 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: User friendly Internet Relay Chat (IRC) client for KDE | 2 | # Description: User friendly Internet Relay Chat (IRC) client for KDE |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/konversation.local | 5 | include konversation.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/konversationrc | 9 | noblacklist ${HOME}/.config/konversationrc |
| 10 | noblacklist ${HOME}/.kde/share/config/konversationrc | 10 | noblacklist ${HOME}/.kde/share/config/konversationrc |
| 11 | noblacklist ${HOME}/.kde4/share/config/konversationrc | 11 | noblacklist ${HOME}/.kde4/share/config/konversationrc |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/kopete.profile b/etc/kopete.profile index d7829113d..0ac7c7e97 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Instant messaging and chat application | 2 | # Description: Instant messaging and chat application |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kopete.local | 5 | include kopete.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.kde/share/apps/kopete | 9 | noblacklist ${HOME}/.kde/share/apps/kopete |
| 10 | noblacklist ${HOME}/.kde/share/config/kopeterc | 10 | noblacklist ${HOME}/.kde/share/config/kopeterc |
| 11 | noblacklist ${HOME}/.kde4/share/apps/kopete | 11 | noblacklist ${HOME}/.kde4/share/apps/kopete |
| 12 | noblacklist ${HOME}/.kde4/share/config/kopeterc | 12 | noblacklist ${HOME}/.kde4/share/config/kopeterc |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | whitelist /var/lib/winpopup | 20 | whitelist /var/lib/winpopup |
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/krita.profile b/etc/krita.profile index 5a1f3d031..ba3bb820f 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Pixel-based image manipulation program | 2 | # Description: Pixel-based image manipulation program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/krita.local | 5 | include krita.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/kritarc | 9 | noblacklist ${HOME}/.config/kritarc |
| 10 | noblacklist ${HOME}/.local/share/krita | 10 | noblacklist ${HOME}/.local/share/krita |
| @@ -17,12 +17,12 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | apparmor | 27 | apparmor |
| 28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/krunner.profile b/etc/krunner.profile index 0b1b9e5de..c64113c15 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Framework for providing different actions given a string query | 2 | # Description: Framework for providing different actions given a string query |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/krunner.local | 5 | include krunner.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # - programs started in krunner run with this generic profile. | 9 | # - programs started in krunner run with this generic profile. |
| 10 | # - when a file is opened in krunner, the file viewer runs in its own sandbox | 10 | # - when a file is opened in krunner, the file viewer runs in its own sandbox |
| @@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc | |||
| 19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
| 20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
| 21 | 21 | ||
| 22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
| 23 | # include /etc/firejail/disable-devel.inc | 23 | # include disable-devel.inc |
| 24 | # include /etc/firejail/disable-interpreters.inc | 24 | # include disable-interpreters.inc |
| 25 | # include /etc/firejail/disable-passwdmgr.inc | 25 | # include disable-passwdmgr.inc |
| 26 | # include /etc/firejail/disable-programs.inc | 26 | # include disable-programs.inc |
| 27 | 27 | ||
| 28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
| 29 | 29 | ||
| 30 | caps.drop all | 30 | caps.drop all |
| 31 | netfilter | 31 | netfilter |
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 14ee3322c..344d1f932 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: BitTorrent client based on the KDE platform | 2 | # Description: BitTorrent client based on the KDE platform |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ktorrent.local | 5 | include ktorrent.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/ktorrentrc | 9 | noblacklist ${HOME}/.config/ktorrentrc |
| 10 | noblacklist ${HOME}/.kde/share/apps/ktorrent | 10 | noblacklist ${HOME}/.kde/share/apps/ktorrent |
| @@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent | |||
| 13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc | 13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc |
| 14 | noblacklist ${HOME}/.local/share/ktorrent | 14 | noblacklist ${HOME}/.local/share/ktorrent |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | mkdir ${HOME}/.kde/share/apps/ktorrent | 22 | mkdir ${HOME}/.kde/share/apps/ktorrent |
| 23 | mkdir ${HOME}/.kde4/share/apps/ktorrent | 23 | mkdir ${HOME}/.kde4/share/apps/ktorrent |
| @@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc | |||
| 32 | whitelist ${HOME}/.kde4/share/apps/ktorrent | 32 | whitelist ${HOME}/.kde4/share/apps/ktorrent |
| 33 | whitelist ${HOME}/.kde4/share/config/ktorrentrc | 33 | whitelist ${HOME}/.kde4/share/config/ktorrentrc |
| 34 | whitelist ${HOME}/.local/share/ktorrent | 34 | whitelist ${HOME}/.local/share/ktorrent |
| 35 | include /etc/firejail/whitelist-common.inc | 35 | include whitelist-common.inc |
| 36 | include /etc/firejail/whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
| 37 | 37 | ||
| 38 | caps.drop all | 38 | caps.drop all |
| 39 | machine-id | 39 | machine-id |
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index ca7c5042d..a7a42d5ad 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for kwin_x11 | 1 | # Firejail profile for kwin_x11 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/kwin_x11.local | 4 | include kwin_x11.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/kwin | 8 | noblacklist ${HOME}/.cache/kwin |
| 9 | noblacklist ${HOME}/.config/kwinrc | 9 | noblacklist ${HOME}/.config/kwinrc |
| 10 | noblacklist ${HOME}/.config/kwinrulesrc | 10 | noblacklist ${HOME}/.config/kwinrulesrc |
| 11 | noblacklist ${HOME}/.local/share/kwin | 11 | noblacklist ${HOME}/.local/share/kwin |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index f080b3ffc..bde981737 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Simple text editor | 2 | # Description: Simple text editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/kwrite.local | 5 | include kwrite.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/katepartrc | 9 | noblacklist ${HOME}/.config/katepartrc |
| 10 | noblacklist ${HOME}/.config/katerc | 10 | noblacklist ${HOME}/.config/katerc |
| @@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc | |||
| 15 | noblacklist ${HOME}/.local/share/kwrite | 15 | noblacklist ${HOME}/.local/share/kwrite |
| 16 | noblacklist ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | apparmor | 27 | apparmor |
| 28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbunzip2.profile +++ b/etc/lbunzip2.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzcat.profile +++ b/etc/lbzcat.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzip2.profile +++ b/etc/lbzip2.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index d3335893f..f4e04bf0c 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: GTK+ based simple text editor | 2 | # Description: GTK+ based simple text editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/leafpad.local | 5 | include leafpad.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/leafpad | 9 | noblacklist ${HOME}/.config/leafpad |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/less.profile b/etc/less.profile index a08d2c547..b083c3809 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/less.local | 6 | include less.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -33,4 +33,4 @@ memory-deny-write-execute | |||
| 33 | noexec ${HOME} | 33 | noexec ${HOME} |
| 34 | noexec /tmp | 34 | noexec /tmp |
| 35 | 35 | ||
| 36 | include /etc/firejail/default.profile | 36 | include default.profile |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 905dd22b9..fb582508e 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Office productivity suite | 2 | # Description: Office productivity suite |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/libreoffice.local | 5 | include libreoffice.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 10 | noblacklist /usr/local/sbin | 10 | noblacklist /usr/local/sbin |
| @@ -17,12 +17,12 @@ noblacklist /usr/lib/java | |||
| 17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
| 18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | # Ubuntu 18.04 uses its own apparmor profile | 27 | # Ubuntu 18.04 uses its own apparmor profile |
| 28 | # uncomment the next line if you are not on Ubuntu | 28 | # uncomment the next line if you are not on Ubuntu |
diff --git a/etc/liferea.profile b/etc/liferea.profile index 04c649121..3d83ffd22 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Feed/news/podcast client with plugin support | 2 | # Description: Feed/news/podcast client with plugin support |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/liferea.local | 5 | include liferea.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/liferea | 9 | noblacklist ${HOME}/.cache/liferea |
| 10 | noblacklist ${HOME}/.config/liferea | 10 | noblacklist ${HOME}/.config/liferea |
| @@ -16,11 +16,11 @@ noblacklist ${PATH}/python3* | |||
| 16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
| 17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | 24 | ||
| 25 | mkdir ${HOME}/.cache/liferea | 25 | mkdir ${HOME}/.cache/liferea |
| 26 | mkdir ${HOME}/.config/liferea | 26 | mkdir ${HOME}/.config/liferea |
| @@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea | |||
| 28 | whitelist ${HOME}/.cache/liferea | 28 | whitelist ${HOME}/.cache/liferea |
| 29 | whitelist ${HOME}/.config/liferea | 29 | whitelist ${HOME}/.config/liferea |
| 30 | whitelist ${HOME}/.local/share/liferea | 30 | whitelist ${HOME}/.local/share/liferea |
| 31 | include /etc/firejail/whitelist-common.inc | 31 | include whitelist-common.inc |
| 32 | include /etc/firejail/whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
| 33 | 33 | ||
| 34 | caps.drop all | 34 | caps.drop all |
| 35 | netfilter | 35 | netfilter |
diff --git a/etc/linphone.profile b/etc/linphone.profile index b469b9711..a3e072509 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: SIP softphone - graphical client | 2 | # Description: SIP softphone - graphical client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/linphone.local | 5 | include linphone.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.linphone-history.db | 9 | noblacklist ${HOME}/.linphone-history.db |
| 10 | noblacklist ${HOME}/.linphonerc | 10 | noblacklist ${HOME}/.linphonerc |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkfile ${HOME}/.linphone-history.db | 18 | mkfile ${HOME}/.linphone-history.db |
| 19 | mkfile ${HOME}/.linphonerc | 19 | mkfile ${HOME}/.linphonerc |
| 20 | whitelist ${HOME}/.linphone-history.db | 20 | whitelist ${HOME}/.linphone-history.db |
| 21 | whitelist ${HOME}/.linphonerc | 21 | whitelist ${HOME}/.linphonerc |
| 22 | whitelist ${HOME}/Downloads | 22 | whitelist ${HOME}/Downloads |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/lmms.profile b/etc/lmms.profile index d3ef1b40e..1534b57a0 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Linux Multimedia Studio | 2 | # Description: Linux Multimedia Studio |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/lmms.local | 5 | include lmms.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.lmmsrc.xml | 9 | noblacklist ${HOME}/.lmmsrc.xml |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/lobase.profile b/etc/lobase.profile index c702a4ece..ea0f84631 100644 --- a/etc/lobase.profile +++ b/etc/lobase.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/localc.profile b/etc/localc.profile index c702a4ece..ea0f84631 100644 --- a/etc/localc.profile +++ b/etc/localc.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lodraw.profile b/etc/lodraw.profile index c702a4ece..ea0f84631 100644 --- a/etc/lodraw.profile +++ b/etc/lodraw.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loffice.profile b/etc/loffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/loffice.profile +++ b/etc/loffice.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile index c702a4ece..ea0f84631 100644 --- a/etc/lofromtemplate.profile +++ b/etc/lofromtemplate.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loimpress.profile b/etc/loimpress.profile index c702a4ece..ea0f84631 100644 --- a/etc/loimpress.profile +++ b/etc/loimpress.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index efd40e899..b279602ef 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Music player for GNOME | 2 | # Description: Music player for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/lollypop.local | 5 | include lollypop.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/lollypop | 9 | noblacklist ${HOME}/.local/share/lollypop |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| @@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/lomath.profile b/etc/lomath.profile index c702a4ece..ea0f84631 100644 --- a/etc/lomath.profile +++ b/etc/lomath.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loweb.profile b/etc/loweb.profile index c702a4ece..ea0f84631 100644 --- a/etc/loweb.profile +++ b/etc/loweb.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lowriter.profile b/etc/lowriter.profile index c702a4ece..ea0f84631 100644 --- a/etc/lowriter.profile +++ b/etc/lowriter.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index a4ccefb6d..0b43a0b71 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Graphical user interface providing a workflow for HDR imaging | 2 | # Description: Graphical user interface providing a workflow for HDR imaging |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/luminance-hdr.local | 5 | include luminance-hdr.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Luminance | 9 | noblacklist ${HOME}/.config/Luminance |
| 10 | noblacklist ${PICTURES} | 10 | noblacklist ${PICTURES} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 4b3c457f6..6e310c509 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Image viewer for LXQt | 2 | # Description: Image viewer for LXQt |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/lximage-qt.local | 5 | include lximage-qt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/lximage-qt | 9 | noblacklist ${HOME}/.config/lximage-qt |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 7c3334075..219f312e5 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: LXDE music player | 2 | # Description: LXDE music player |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/lxmusic.local | 5 | include lxmusic.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/xmms2 | 9 | noblacklist ${HOME}/.cache/xmms2 |
| 10 | noblacklist ${HOME}/.config/xmms2 | 10 | noblacklist ${HOME}/.config/xmms2 |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/lynx.profile b/etc/lynx.profile index f5ec44fda..6fcd026dc 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Classic non-graphical (text-mode) web browser | 2 | # Description: Classic non-graphical (text-mode) web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/lynx.local | 5 | include lynx.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/lzcat.profile b/etc/lzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcat.profile +++ b/etc/lzcat.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcmp.profile +++ b/etc/lzcmp.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzdiff.profile +++ b/etc/lzdiff.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzegrep.profile +++ b/etc/lzegrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzfgrep.profile +++ b/etc/lzfgrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzgrep.profile +++ b/etc/lzgrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzip.profile b/etc/lzip.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzip.profile +++ b/etc/lzip.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzless.profile b/etc/lzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzless.profile +++ b/etc/lzless.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzma.profile b/etc/lzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzma.profile +++ b/etc/lzma.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile index 7c26620dd..9ba22601b 100644 --- a/etc/lzmadec.profile +++ b/etc/lzmadec.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/xzdec.profile | 7 | include xzdec.profile |
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmainfo.profile +++ b/etc/lzmainfo.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzmore.profile b/etc/lzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmore.profile +++ b/etc/lzmore.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 4107d91ad..e1d940425 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for macrofusion | 1 | # Firejail profile for macrofusion |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/macrofusion.local | 4 | include macrofusion.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/mfusion | 8 | noblacklist ${HOME}/.config/mfusion |
| 9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
| @@ -14,12 +14,12 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | ipc-namespace | 25 | ipc-namespace |
diff --git a/etc/makepkg.profile b/etc/makepkg.profile index ac337b9a1..317a3dd78 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile | |||
| @@ -10,9 +10,9 @@ | |||
| 10 | 10 | ||
| 11 | quiet | 11 | quiet |
| 12 | # Persistent local customizations | 12 | # Persistent local customizations |
| 13 | include /etc/firejail/makepkg.local | 13 | include makepkg.local |
| 14 | # Persistent global definitions | 14 | # Persistent global definitions |
| 15 | include /etc/firejail/globals.local | 15 | include globals.local |
| 16 | 16 | ||
| 17 | 17 | ||
| 18 | # Enable severely restricted access to ${HOME}/.gnupg | 18 | # Enable severely restricted access to ${HOME}/.gnupg |
| @@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d | |||
| 30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} | 30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} |
| 31 | noblacklist /var/lib/pacman | 31 | noblacklist /var/lib/pacman |
| 32 | 32 | ||
| 33 | include /etc/firejail/disable-common.inc | 33 | include disable-common.inc |
| 34 | include /etc/firejail/disable-passwdmgr.inc | 34 | include disable-passwdmgr.inc |
| 35 | include /etc/firejail/disable-programs.inc | 35 | include disable-programs.inc |
| 36 | 36 | ||
| 37 | caps.drop all | 37 | caps.drop all |
| 38 | ipc-namespace | 38 | ipc-namespace |
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile index cc80679fc..e35ddd2a7 100644 --- a/etc/masterpdfeditor.profile +++ b/etc/masterpdfeditor.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/masterpdfeditor.local | 5 | include masterpdfeditor.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Code Industry | 9 | noblacklist ${HOME}/.config/Code Industry |
| 10 | noblacklist ${HOME}/.masterpdfeditor | 10 | noblacklist ${HOME}/.masterpdfeditor |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile index 7ab9c9421..5612fdaa4 100644 --- a/etc/masterpdfeditor4.profile +++ b/etc/masterpdfeditor4.profile | |||
| @@ -2,11 +2,11 @@ | |||
| 2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/masterpdfeditor4.local | 5 | include masterpdfeditor4.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included profile | 7 | # added by included profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/masterpdfeditor.profile | 12 | include masterpdfeditor.profile |
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile index 86faf5da0..8669ceb11 100644 --- a/etc/masterpdfeditor5.profile +++ b/etc/masterpdfeditor5.profile | |||
| @@ -2,11 +2,11 @@ | |||
| 2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/masterpdfeditor5.local | 5 | include masterpdfeditor5.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included profile | 7 | # added by included profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/masterpdfeditor.profile | 12 | include masterpdfeditor.profile |
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 874fcf8cb..46bd7aa2e 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: MATE desktop calculator | 2 | # Description: MATE desktop calculator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mate-calc.local | 5 | include mate-calc.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/mate-calc | 9 | noblacklist ${HOME}/.config/mate-calc |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${HOME}/.cache/mate-calc | 17 | whitelist ${HOME}/.cache/mate-calc |
| 18 | whitelist ${HOME}/.config/caja | 18 | whitelist ${HOME}/.config/caja |
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 43bb3ebb4..442acf8ff 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/mate-calc.profile | 6 | include mate-calc.profile |
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index c3a3ee446..b4cf0b38a 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
| @@ -1,16 +1,16 @@ | |||
| 1 | # Firejail profile for mate-color-select | 1 | # Firejail profile for mate-color-select |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/mate-color-select.local | 4 | include mate-color-select.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | whitelist ${HOME}/.config/gtk-3.0 | 15 | whitelist ${HOME}/.config/gtk-3.0 |
| 16 | whitelist ${HOME}/.fonts | 16 | whitelist ${HOME}/.fonts |
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index b0bd99519..10978df20 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for mate-dictionary | 1 | # Firejail profile for mate-dictionary |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/mate-dictionary.local | 4 | include mate-dictionary.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/mate/mate-dictionary | 8 | noblacklist ${HOME}/.config/mate/mate-dictionary |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | whitelist ${HOME}/.config/mate/mate-dictionary | 16 | whitelist ${HOME}/.config/mate/mate-dictionary |
| 17 | whitelist ${HOME}/.config/gtk-3.0 | 17 | whitelist ${HOME}/.config/gtk-3.0 |
diff --git a/etc/mathematica.profile b/etc/mathematica.profile index 984ea9e97..5f29181cd 100644 --- a/etc/mathematica.profile +++ b/etc/mathematica.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/Mathematica.profile | 6 | include Mathematica.profile |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 0ed8952e5..1a1c255e7 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Small Jabber (XMPP) console client | 2 | # Description: Small Jabber (XMPP) console client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mcabber.local | 5 | include mcabber.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.mcabber | 9 | noblacklist ${HOME}/.mcabber |
| 10 | noblacklist ${HOME}/.mcabberrc | 10 | noblacklist ${HOME}/.mcabberrc |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 7556098a7..5e636c107 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Command-line utility for reading information from audio/video files | 2 | # Description: Command-line utility for reading information from audio/video files |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mediainfo.local | 5 | include mediainfo.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index e53ced860..b9a6416bb 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: View streams from German public television stations | 2 | # Description: View streams from German public television stations |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mediathekview.local | 5 | include mediathekview.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/mpv | 9 | noblacklist ${HOME}/.config/mpv |
| 10 | noblacklist ${HOME}/.config/smplayer | 10 | noblacklist ${HOME}/.config/smplayer |
| @@ -23,13 +23,13 @@ noblacklist /usr/lib/java | |||
| 23 | noblacklist /etc/java | 23 | noblacklist /etc/java |
| 24 | noblacklist /usr/share/java | 24 | noblacklist /usr/share/java |
| 25 | 25 | ||
| 26 | include /etc/firejail/disable-common.inc | 26 | include disable-common.inc |
| 27 | include /etc/firejail/disable-devel.inc | 27 | include disable-devel.inc |
| 28 | include /etc/firejail/disable-interpreters.inc | 28 | include disable-interpreters.inc |
| 29 | include /etc/firejail/disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
| 30 | include /etc/firejail/disable-programs.inc | 30 | include disable-programs.inc |
| 31 | 31 | ||
| 32 | include /etc/firejail/whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
| 33 | 33 | ||
| 34 | caps.drop all | 34 | caps.drop all |
| 35 | netfilter | 35 | netfilter |
diff --git a/etc/meld.profile b/etc/meld.profile index 1a7935800..3c028e064 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Graphical tool to diff and merge files | 2 | # Description: Graphical tool to diff and merge files |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/meld.local | 5 | include meld.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/meld | 9 | noblacklist ${HOME}/.local/share/meld |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | net none | 19 | net none |
diff --git a/etc/mencoder.profile b/etc/mencoder.profile index 9306d268e..136412d11 100644 --- a/etc/mencoder.profile +++ b/etc/mencoder.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: Free command line video decoding, encoding and filtering tool | 2 | # Description: Free command line video decoding, encoding and filtering tool |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mencoder.local | 5 | include mencoder.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included profile | 7 | # added by included profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | net none | 16 | net none |
| 17 | no3d | 17 | no3d |
| @@ -25,4 +25,4 @@ shell none | |||
| 25 | 25 | ||
| 26 | private-bin mencoder | 26 | private-bin mencoder |
| 27 | 27 | ||
| 28 | include /etc/firejail/mplayer.profile | 28 | include mplayer.profile |
diff --git a/etc/midori.profile b/etc/midori.profile index 7c56910a7..6a69f2282 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Lightweight web browser | 2 | # Description: Lightweight web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/midori.local | 5 | include midori.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/midori | 9 | noblacklist ${HOME}/.config/midori |
| 10 | noblacklist ${HOME}/.local/share/midori | 10 | noblacklist ${HOME}/.local/share/midori |
| @@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori | |||
| 12 | # noblacklist ${HOME}/.local/share/webkitgtk | 12 | # noblacklist ${HOME}/.local/share/webkitgtk |
| 13 | noblacklist ${HOME}/.pki | 13 | noblacklist ${HOME}/.pki |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | mkdir ${HOME}/.cache/midori | 20 | mkdir ${HOME}/.cache/midori |
| 21 | mkdir ${HOME}/.config/midori | 21 | mkdir ${HOME}/.config/midori |
| @@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori | |||
| 33 | whitelist ${HOME}/.local/share/webkit | 33 | whitelist ${HOME}/.local/share/webkit |
| 34 | whitelist ${HOME}/.local/share/webkitgtk | 34 | whitelist ${HOME}/.local/share/webkitgtk |
| 35 | whitelist ${HOME}/.pki | 35 | whitelist ${HOME}/.pki |
| 36 | include /etc/firejail/whitelist-common.inc | 36 | include whitelist-common.inc |
| 37 | 37 | ||
| 38 | caps.drop all | 38 | caps.drop all |
| 39 | netfilter | 39 | netfilter |
diff --git a/etc/min.profile b/etc/min.profile index 91c6fce3c..9cef737a8 100644 --- a/etc/min.profile +++ b/etc/min.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: A faster, smarter web browser. | 2 | # Description: A faster, smarter web browser. |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/min.local | 5 | include min.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Min | 9 | noblacklist ${HOME}/.config/Min |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.pki | 18 | mkdir ${HOME}/.pki |
| 19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 20 | whitelist ${HOME}/.pki | 20 | whitelist ${HOME}/.pki |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | # ipc-namespace | 25 | # ipc-namespace |
diff --git a/etc/minetest.profile b/etc/minetest.profile index 3e06b6d30..c1aef8aa6 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Multiplayer infinite-world block sandbox | 2 | # Description: Multiplayer infinite-world block sandbox |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/minetest.local | 5 | include minetest.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.minetest | 9 | noblacklist ${HOME}/.minetest |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.minetest | 17 | mkdir ${HOME}/.minetest |
| 18 | whitelist ${HOME}/.minetest | 18 | whitelist ${HOME}/.minetest |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 421637509..8e789f112 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Simple Xfce oriented text editor | 2 | # Description: Simple Xfce oriented text editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mousepad.local | 5 | include mousepad.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Mousepad | 9 | noblacklist ${HOME}/.config/Mousepad |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/mpd.profile b/etc/mpd.profile index 709f2ef89..70a438fb7 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Music Player Daemon | 2 | # Description: Music Player Daemon |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mpd.local | 5 | include mpd.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/mpd | 9 | noblacklist ${HOME}/.config/mpd |
| 10 | noblacklist ${HOME}/.mpd | 10 | noblacklist ${HOME}/.mpd |
| 11 | noblacklist ${HOME}/.mpdconf | 11 | noblacklist ${HOME}/.mpdconf |
| 12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 29ef21b9d..fbe6200fa 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Movie player for Unix-like systems | 2 | # Description: Movie player for Unix-like systems |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mplayer.local | 5 | include mplayer.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.mplayer | 9 | noblacklist ${HOME}/.mplayer |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/mpv.profile b/etc/mpv.profile index 5747cd3fa..b521e58b9 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Video player based on MPlayer/mplayer2 | 2 | # Description: Video player based on MPlayer/mplayer2 |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mpv.local | 5 | include mpv.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/mpv | 9 | noblacklist ${HOME}/.config/mpv |
| 10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
| @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | apparmor | 29 | apparmor |
| 30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile index 4fb8c6fc1..e103baf19 100644 --- a/etc/ms-excel.profile +++ b/etc/ms-excel.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Excel | 1 | # Firejail profile for Microsoft Office Online - Excel |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-excel.local | 4 | include ms-excel.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-excel-online | 8 | noblacklist ${HOME}/.cache/ms-excel-online |
| 9 | private-bin ms-excel | 9 | private-bin ms-excel |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-office.profile b/etc/ms-office.profile index cedc5eff4..61478fd07 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online | 1 | # Firejail profile for Microsoft Office Online |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-office.local | 4 | include ms-office.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-office-online | 8 | noblacklist ${HOME}/.cache/ms-office-online |
| 9 | noblacklist ${HOME}/.jak | 9 | noblacklist ${HOME}/.jak |
| @@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile index 520544ab4..1259d55c8 100644 --- a/etc/ms-onenote.profile +++ b/etc/ms-onenote.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Onenote | 1 | # Firejail profile for Microsoft Office Online - Onenote |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-onenote.local | 4 | include ms-onenote.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-onenote-online | 8 | noblacklist ${HOME}/.cache/ms-onenote-online |
| 9 | private-bin ms-onenote | 9 | private-bin ms-onenote |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile index e438bbdfc..a9fadc2c1 100644 --- a/etc/ms-outlook.profile +++ b/etc/ms-outlook.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Outlook | 1 | # Firejail profile for Microsoft Office Online - Outlook |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-outlook.local | 4 | include ms-outlook.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-outlook-online | 8 | noblacklist ${HOME}/.cache/ms-outlook-online |
| 9 | private-bin ms-outlook | 9 | private-bin ms-outlook |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile index 82be095d0..4c096de4e 100644 --- a/etc/ms-powerpoint.profile +++ b/etc/ms-powerpoint.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Powerpoint | 1 | # Firejail profile for Microsoft Office Online - Powerpoint |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-powerpoint.local | 4 | include ms-powerpoint.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-powerpoint-online | 8 | noblacklist ${HOME}/.cache/ms-powerpoint-online |
| 9 | private-bin ms-powerpoint | 9 | private-bin ms-powerpoint |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile index fa3c4a314..02084d923 100644 --- a/etc/ms-skype.profile +++ b/etc/ms-skype.profile | |||
| @@ -1,13 +1,13 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Skype | 1 | # Firejail profile for Microsoft Office Online - Skype |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-skype.local | 4 | include ms-skype.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-skype-online | 8 | noblacklist ${HOME}/.cache/ms-skype-online |
| 9 | ignore novideo | 9 | ignore novideo |
| 10 | private-bin ms-skype | 10 | private-bin ms-skype |
| 11 | 11 | ||
| 12 | # Redirect | 12 | # Redirect |
| 13 | include /etc/firejail/ms-office.profile | 13 | include ms-office.profile |
diff --git a/etc/ms-word.profile b/etc/ms-word.profile index fdcab27a7..f21e987d4 100644 --- a/etc/ms-word.profile +++ b/etc/ms-word.profile | |||
| @@ -1,12 +1,12 @@ | |||
| 1 | # Firejail profile for Microsoft Office Online - Word | 1 | # Firejail profile for Microsoft Office Online - Word |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ms-word.local | 4 | include ms-word.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/ms-word-online | 8 | noblacklist ${HOME}/.cache/ms-word-online |
| 9 | private-bin ms-word | 9 | private-bin ms-word |
| 10 | 10 | ||
| 11 | # Redirect | 11 | # Redirect |
| 12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 2b63c2032..b73857826 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for multimc5 | 1 | # Firejail profile for multimc5 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/multimc5.local | 4 | include multimc5.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
| 9 | noblacklist ${HOME}/.local/share/multimc | 9 | noblacklist ${HOME}/.local/share/multimc |
| @@ -16,17 +16,17 @@ noblacklist /usr/lib/java | |||
| 16 | noblacklist /etc/java | 16 | noblacklist /etc/java |
| 17 | noblacklist /usr/share/java | 17 | noblacklist /usr/share/java |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | 24 | ||
| 25 | mkdir ${HOME}/.local/share/multimc | 25 | mkdir ${HOME}/.local/share/multimc |
| 26 | whitelist ${HOME}/.local/share/multimc | 26 | whitelist ${HOME}/.local/share/multimc |
| 27 | whitelist ${HOME}/.local/share/multimc5 | 27 | whitelist ${HOME}/.local/share/multimc5 |
| 28 | whitelist ${HOME}/.multimc5 | 28 | whitelist ${HOME}/.multimc5 |
| 29 | include /etc/firejail/whitelist-common.inc | 29 | include whitelist-common.inc |
| 30 | 30 | ||
| 31 | caps.drop all | 31 | caps.drop all |
| 32 | netfilter | 32 | netfilter |
diff --git a/etc/mumble.profile b/etc/mumble.profile index c5af9aa42..276e77c68 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Low latency encrypted VoIP client | 2 | # Description: Low latency encrypted VoIP client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mumble.local | 5 | include mumble.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Mumble | 9 | noblacklist ${HOME}/.config/Mumble |
| 10 | noblacklist ${HOME}/.local/share/data/Mumble | 10 | noblacklist ${HOME}/.local/share/data/Mumble |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.config/Mumble | 18 | mkdir ${HOME}/.config/Mumble |
| 19 | mkdir ${HOME}/.local/share/data/Mumble | 19 | mkdir ${HOME}/.local/share/data/Mumble |
| 20 | whitelist ${HOME}/.config/Mumble | 20 | whitelist ${HOME}/.config/Mumble |
| 21 | whitelist ${HOME}/.local/share/data/Mumble | 21 | whitelist ${HOME}/.local/share/data/Mumble |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index b49597e00..17658e2ef 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Lightweight PDF viewer | 2 | # Description: Lightweight PDF viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mupdf.local | 5 | include mupdf.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | machine-id | 21 | machine-id |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index a235c44c8..3798609d2 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Nintendo64 Emulator | 2 | # Description: Nintendo64 Emulator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mupen64plus.local | 5 | include mupen64plus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/mupen64plus | 9 | noblacklist ${HOME}/.config/mupen64plus |
| 10 | noblacklist ${HOME}/.local/share/mupen64plus | 10 | noblacklist ${HOME}/.local/share/mupen64plus |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | # you'll need to manually whitelist ROM files | 18 | # you'll need to manually whitelist ROM files |
| 19 | mkdir ${HOME}/.config/mupen64plus | 19 | mkdir ${HOME}/.config/mupen64plus |
| 20 | mkdir ${HOME}/.local/share/mupen64plus | 20 | mkdir ${HOME}/.local/share/mupen64plus |
| 21 | whitelist ${HOME}/.config/mupen64plus/ | 21 | whitelist ${HOME}/.config/mupen64plus/ |
| 22 | whitelist ${HOME}/.local/share/mupen64plus/ | 22 | whitelist ${HOME}/.local/share/mupen64plus/ |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | net none | 26 | net none |
diff --git a/etc/musescore.profile b/etc/musescore.profile index 3eb929bd1..5f009c681 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Free music composition and notation software | 2 | # Description: Free music composition and notation software |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/musescore.local | 5 | include musescore.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/MusE | 9 | noblacklist ${HOME}/.config/MusE |
| 10 | noblacklist ${HOME}/.config/MuseScore | 10 | noblacklist ${HOME}/.config/MuseScore |
| @@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore | |||
| 13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
| 14 | noblacklist ${MUSIC} | 14 | noblacklist ${MUSIC} |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
| 22 | 22 | ||
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index ba010d6a3..2b8e5b256 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for Musixmatch | 1 | # Firejail profile for Musixmatch |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/musixmatch.local | 4 | include musixmatch.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${MUSIC} | 8 | noblacklist ${MUSIC} |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | ipc-namespace | 17 | ipc-namespace |
diff --git a/etc/mutt.profile b/etc/mutt.profile index 6cb09ec78..a05227125 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Text-based mailreader supporting MIME, GPG, PGP and threading | 2 | # Description: Text-based mailreader supporting MIME, GPG, PGP and threading |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/mutt.local | 5 | include mutt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| @@ -32,11 +32,11 @@ noblacklist ${HOME}/mail | |||
| 32 | noblacklist ${HOME}/postponed | 32 | noblacklist ${HOME}/postponed |
| 33 | noblacklist ${HOME}/sent | 33 | noblacklist ${HOME}/sent |
| 34 | 34 | ||
| 35 | include /etc/firejail/disable-common.inc | 35 | include disable-common.inc |
| 36 | include /etc/firejail/disable-devel.inc | 36 | include disable-devel.inc |
| 37 | include /etc/firejail/disable-interpreters.inc | 37 | include disable-interpreters.inc |
| 38 | include /etc/firejail/disable-passwdmgr.inc | 38 | include disable-passwdmgr.inc |
| 39 | include /etc/firejail/disable-programs.inc | 39 | include disable-programs.inc |
| 40 | 40 | ||
| 41 | caps.drop all | 41 | caps.drop all |
| 42 | netfilter | 42 | netfilter |
diff --git a/etc/natron.profile b/etc/natron.profile index 76e909f83..790fe437d 100644 --- a/etc/natron.profile +++ b/etc/natron.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for natron | 1 | # Firejail profile for natron |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/natron.local | 4 | include natron.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Allow access to python | 8 | # Allow access to python |
| 9 | noblacklist ${PATH}/python2* | 9 | noblacklist ${PATH}/python2* |
| @@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron | |||
| 16 | noblacklist ${HOME}/.config/INRIA | 16 | noblacklist ${HOME}/.config/INRIA |
| 17 | noblacklist /opt/natron | 17 | noblacklist /opt/natron |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | net none | 26 | net none |
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 1809a6b3c..13fe9a9e1 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File manager and graphical shell for GNOME | 2 | # Description: File manager and graphical shell for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/nautilus.local | 5 | include nautilus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 9 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
| 10 | # is already a nautilus process running on gnome desktops firejail will have no effect. | 10 | # is already a nautilus process running on gnome desktops firejail will have no effect. |
| @@ -20,11 +20,11 @@ noblacklist ${PATH}/python3* | |||
| 20 | noblacklist /usr/lib/python2* | 20 | noblacklist /usr/lib/python2* |
| 21 | noblacklist /usr/lib/python3* | 21 | noblacklist /usr/lib/python3* |
| 22 | 22 | ||
| 23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
| 24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
| 25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
| 26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
| 27 | # include /etc/firejail/disable-programs.inc | 27 | # include disable-programs.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | netfilter | 30 | netfilter |
diff --git a/etc/ncdu.profile b/etc/ncdu.profile index fa566b9fd..d8f9f62ff 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Ncurses disk usage viewer | 2 | # Description: Ncurses disk usage viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ncdu.local | 5 | include ncdu.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | caps.drop all | 9 | caps.drop all |
| 10 | ipc-namespace | 10 | ipc-namespace |
diff --git a/etc/nemo.profile b/etc/nemo.profile index 98e4ba1bd..8da094015 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File manager and graphical shell for Cinnamon | 2 | # Description: File manager and graphical shell for Cinnamon |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/nemo.local | 5 | include nemo.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/nemo | 9 | noblacklist ${HOME}/.config/nemo |
| 10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
| @@ -17,10 +17,10 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index cb38d9de0..0ddb7bbbe 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: Lightweight and fast web browser | 2 | # Description: Lightweight and fast web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/netsurf.local | 5 | include netsurf.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/netsurf | 9 | noblacklist ${HOME}/.cache/netsurf |
| 10 | noblacklist ${HOME}/.config/netsurf | 10 | noblacklist ${HOME}/.config/netsurf |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.cache/netsurf | 17 | mkdir ${HOME}/.cache/netsurf |
| 18 | mkdir ${HOME}/.config/netsurf | 18 | mkdir ${HOME}/.config/netsurf |
| 19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 20 | whitelist ${HOME}/.cache/netsurf | 20 | whitelist ${HOME}/.cache/netsurf |
| 21 | whitelist ${HOME}/.config/netsurf | 21 | whitelist ${HOME}/.config/netsurf |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/neverball.profile b/etc/neverball.profile index 5e6032ae5..207774ed0 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: 3D floor-tilting game | 2 | # Description: 3D floor-tilting game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/neverball.local | 5 | include neverball.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.neverball | 9 | noblacklist ${HOME}/.neverball |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.neverball | 17 | mkdir ${HOME}/.neverball |
| 18 | whitelist ${HOME}/.neverball | 18 | whitelist ${HOME}/.neverball |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | netfilter | 22 | netfilter |
diff --git a/etc/nheko.profile b/etc/nheko.profile index f216a9fa5..ea99b2f5a 100644 --- a/etc/nheko.profile +++ b/etc/nheko.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Desktop IM client for the Matrix protocol | 2 | # Description: Desktop IM client for the Matrix protocol |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/nheko.local | 5 | include nheko.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/nheko | 9 | noblacklist ${HOME}/.config/nheko |
| 10 | noblacklist ${HOME}/.cache/nheko/nheko | 10 | noblacklist ${HOME}/.cache/nheko/nheko |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.config/nheko | 18 | mkdir ${HOME}/.config/nheko |
| 19 | mkdir ${HOME}/.cache/nheko/nheko | 19 | mkdir ${HOME}/.cache/nheko/nheko |
| @@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko | |||
| 22 | whitelist ${HOME}/.cache/nheko/nheko | 22 | whitelist ${HOME}/.cache/nheko/nheko |
| 23 | whitelist ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-cli.profile +++ b/etc/nitroshare-cli.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-nmh.profile +++ b/etc/nitroshare-nmh.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-send.profile +++ b/etc/nitroshare-send.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-ui.profile +++ b/etc/nitroshare-ui.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index f02599ac6..67c651429 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/nitroshare.local | 5 | include nitroshare.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Nathan Osman | 9 | noblacklist ${HOME}/.config/Nathan Osman |
| 10 | noblacklist ${HOME}/.config/NitroShare | 10 | noblacklist ${HOME}/.config/NitroShare |
| @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/nylas.profile b/etc/nylas.profile index 28305a203..935ab8f8a 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for nylas | 1 | # Firejail profile for nylas |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/nylas.local | 4 | include nylas.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Nylas Mail | 8 | noblacklist ${HOME}/.config/Nylas Mail |
| 9 | noblacklist ${HOME}/.nylas-mail | 9 | noblacklist ${HOME}/.nylas-mail |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.config/Nylas Mail | 18 | whitelist ${HOME}/.config/Nylas Mail |
| 19 | whitelist ${HOME}/.nylas-mail | 19 | whitelist ${HOME}/.nylas-mail |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/obs.profile b/etc/obs.profile index 611ecdd67..3e228365d 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for obs | 1 | # Firejail profile for obs |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/obs.local | 4 | include obs.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/obs-studio | 8 | noblacklist ${HOME}/.config/obs-studio |
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
| 16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
| 17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | nodvd | 29 | nodvd |
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 59470f3bb..b9c525f0c 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Simple converter from OpenDocument Text to plain text | 2 | # Description: Simple converter from OpenDocument Text to plain text |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/odt2txt.local | 5 | include odt2txt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | net none | 21 | net none |
diff --git a/etc/okular.profile b/etc/okular.profile index 0f15500af..80407ac3a 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Universal document viewer | 2 | # Description: Universal document viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/okular.local | 5 | include okular.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/okular | 9 | noblacklist ${HOME}/.cache/okular |
| 10 | noblacklist ${HOME}/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
| @@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc | |||
| 18 | noblacklist ${HOME}/.local/share/okular | 18 | noblacklist ${HOME}/.local/share/okular |
| 19 | noblacklist ${DOCUMENTS} | 19 | noblacklist ${DOCUMENTS} |
| 20 | 20 | ||
| 21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
| 22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
| 23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
| 24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
| 25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
| 26 | include /etc/firejail/disable-xdg.inc | 26 | include disable-xdg.inc |
| 27 | 27 | ||
| 28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
| 29 | 29 | ||
| 30 | apparmor | 30 | apparmor |
| 31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 1c93ef9b9..6db776f6a 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for onionshare-gui | 1 | # Firejail profile for onionshare-gui |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/onionshare-gui.local | 4 | include onionshare-gui.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/onionshare | 8 | noblacklist ${HOME}/.config/onionshare |
| 9 | 9 | ||
| @@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare | |||
| 11 | noblacklist ${PATH}/python3* | 11 | noblacklist ${PATH}/python3* |
| 12 | noblacklist /usr/lib/python3* | 12 | noblacklist /usr/lib/python3* |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 1cd9e9537..dc00e47a1 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Space Invaders clone | 2 | # Description: Space Invaders clone |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/open-invaders.local | 5 | include open-invaders.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.openinvaders | 9 | noblacklist ${HOME}/.openinvaders |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.openinvaders | 17 | mkdir ${HOME}/.openinvaders |
| 18 | whitelist ${HOME}/.openinvaders | 18 | whitelist ${HOME}/.openinvaders |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/openbox.profile b/etc/openbox.profile index 1540b71bd..1fb93c79c 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile | |||
| @@ -2,13 +2,13 @@ | |||
| 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/openbox.local | 5 | include openbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # all applications started in OpenBox will run in this profile | 9 | # all applications started in OpenBox will run in this profile |
| 10 | noblacklist ${HOME}/.config/openbox | 10 | noblacklist ${HOME}/.config/openbox |
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index cbd1f8fe8..b86073b41 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/openshot.profile | 6 | include openshot.profile |
diff --git a/etc/openshot.profile b/etc/openshot.profile index 242511243..fd69b8dbf 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Create and edit videos and movies | 2 | # Description: Create and edit videos and movies |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/openshot.local | 5 | include openshot.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.openshot | 9 | noblacklist ${HOME}/.openshot |
| 10 | noblacklist ${HOME}/.openshot_qt | 10 | noblacklist ${HOME}/.openshot_qt |
| @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | apparmor | 26 | apparmor |
| 27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 38a3152d2..8658d30c6 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for opera-beta | 1 | # Firejail profile for opera-beta |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/opera-beta.local | 4 | include opera-beta.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/opera | 8 | noblacklist ${HOME}/.cache/opera |
| 9 | noblacklist ${HOME}/.config/opera-beta | 9 | noblacklist ${HOME}/.config/opera-beta |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera | |||
| 14 | whitelist ${HOME}/.config/opera-beta | 14 | whitelist ${HOME}/.config/opera-beta |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/opera.profile b/etc/opera.profile index 294041c24..b342b3961 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: A fast and secure web browser | 2 | # Description: A fast and secure web browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/opera.local | 5 | include opera.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/opera | 9 | noblacklist ${HOME}/.cache/opera |
| 10 | noblacklist ${HOME}/.config/opera | 10 | noblacklist ${HOME}/.config/opera |
| @@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera | |||
| 18 | whitelist ${HOME}/.opera | 18 | whitelist ${HOME}/.opera |
| 19 | 19 | ||
| 20 | # Redirect | 20 | # Redirect |
| 21 | include /etc/firejail/chromium-common.profile | 21 | include chromium-common.profile |
diff --git a/etc/orage.profile b/etc/orage.profile index 8fc6330d9..17a40a173 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Calendar for Xfce Desktop Environment | 2 | # Description: Calendar for Xfce Desktop Environment |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/orage.local | 5 | include orage.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/orage | 9 | noblacklist ${HOME}/.config/orage |
| 10 | noblacklist ${HOME}/.local/share/orage | 10 | noblacklist ${HOME}/.local/share/orage |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/p7zip.profile b/etc/p7zip.profile index f8b2d6f1a..644292f2b 100644 --- a/etc/p7zip.profile +++ b/etc/p7zip.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # Description: 7zr file archiver with high compression ratio | 2 | # Description: 7zr file archiver with high compression ratio |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/p7zip.local | 5 | include p7zip.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included profile | 7 | # added by included profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | # Redirect | 10 | # Redirect |
| 11 | include /etc/firejail/7z.profile | 11 | include 7z.profile |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 1104acff4..11464e6cf 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for palemoon | 1 | # Firejail profile for palemoon |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/palemoon.local | 4 | include palemoon.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon | 8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon |
| 9 | noblacklist ${HOME}/.moonchild productions/pale moon | 9 | noblacklist ${HOME}/.moonchild productions/pale moon |
| @@ -23,4 +23,4 @@ seccomp | |||
| 23 | #private-opt palemoon | 23 | #private-opt palemoon |
| 24 | 24 | ||
| 25 | # Redirect | 25 | # Redirect |
| 26 | include /etc/firejail/firefox-common.profile | 26 | include firefox-common.profile |
diff --git a/etc/parole.profile b/etc/parole.profile index 00e1466b4..9ad59d2e6 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Media player based on GStreamer framework | 2 | # Description: Media player based on GStreamer framework |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/parole.local | 5 | include parole.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | noblacklist ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/patch.profile b/etc/patch.profile index 8fa6ac966..44b3cd677 100644 --- a/etc/patch.profile +++ b/etc/patch.profile | |||
| @@ -3,19 +3,19 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/patch.local | 6 | include patch.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index c7e449166..0c1e95e63 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Extremely fast and lightweight file manager | 2 | # Description: Extremely fast and lightweight file manager |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pcmanfm.local | 5 | include pcmanfm.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/Trash | 9 | noblacklist ${HOME}/.local/share/Trash |
| 10 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below | 10 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below |
| 11 | # noblacklist ${HOME}/.config/pcmanfm | 11 | # noblacklist ${HOME}/.config/pcmanfm |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | # include /etc/firejail/disable-programs.inc | 17 | # include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | # net none - see issue #1467, computer:/// location broken | 20 | # net none - see issue #1467, computer:/// location broken |
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index f6a615632..6fe76360b 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile | |||
| @@ -1,20 +1,20 @@ | |||
| 1 | # Firejail profile for pdfchain | 1 | # Firejail profile for pdfchain |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pdfchain.local | 4 | include pdfchain.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 34cf5e44f..6853efd24 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Simple tool for modifying PDF documents | 2 | # Description: Simple tool for modifying PDF documents |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pdfmod.local | 5 | include pdfmod.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/pdfmod | 9 | noblacklist ${HOME}/.cache/pdfmod |
| 10 | noblacklist ${HOME}/.config/pdfmod | 10 | noblacklist ${HOME}/.config/pdfmod |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index a09ab0a8a..8ba0e6a10 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: PDF Split and Merge | 2 | # Description: PDF Split and Merge |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pdfsam.local | 5 | include pdfsam.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| @@ -15,12 +15,12 @@ noblacklist /usr/lib/java | |||
| 15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
| 16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | machine-id | 26 | machine-id |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index d162f45b5..8e7951e81 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for pdftotext | 1 | # Firejail profile for pdftotext |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pdftotext.local | 4 | include pdftotext.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | machine-id | 22 | machine-id |
diff --git a/etc/peek.profile b/etc/peek.profile index edc43d006..a3c64e1b4 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
| @@ -1,20 +1,20 @@ | |||
| 1 | # Firejail profile for peek | 1 | # Firejail profile for peek |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/peek.local | 4 | include peek.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/peek | 8 | noblacklist ${HOME}/.cache/peek |
| 9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
| 10 | noblacklist ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | net none | 20 | net none |
diff --git a/etc/picard.profile b/etc/picard.profile index 8474eeda6..b4d4fd597 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Next-Generation MusicBrainz audio files tagger | 2 | # Description: Next-Generation MusicBrainz audio files tagger |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/picard.local | 5 | include picard.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/MusicBrainz | 9 | noblacklist ${HOME}/.cache/MusicBrainz |
| 10 | noblacklist ${HOME}/.config/MusicBrainz | 10 | noblacklist ${HOME}/.config/MusicBrainz |
| @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
| 16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
| 17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | no3d | 29 | no3d |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index e891f5fd8..0d4aebc50 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Graphical multi-protocol instant messaging client | 2 | # Description: Graphical multi-protocol instant messaging client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pidgin.local | 5 | include pidgin.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.purple | 9 | noblacklist ${HOME}/.purple |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/ping.profile b/etc/ping.profile index 2b20bf8c9..259b86a26 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ping.local | 5 | include ping.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
| 15 | include /etc/firejail/whitelist-common.inc | 15 | include whitelist-common.inc |
| 16 | 16 | ||
| 17 | caps.keep net_raw | 17 | caps.keep net_raw |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/pingus.profile b/etc/pingus.profile index 4ce584d1e..56b6036d9 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Free Lemmings(TM) clone | 2 | # Description: Free Lemmings(TM) clone |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pingus.local | 5 | include pingus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.pingus | 9 | noblacklist ${HOME}/.pingus |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.pingus | 17 | mkdir ${HOME}/.pingus |
| 18 | whitelist ${HOME}/.pingus | 18 | whitelist ${HOME}/.pingus |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/pinta.profile b/etc/pinta.profile index 506918b92..1e0611516 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Simple drawing/painting program | 2 | # Description: Simple drawing/painting program |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pinta.local | 5 | include pinta.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Pinta | 9 | noblacklist ${HOME}/.config/Pinta |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/pithos.profile b/etc/pithos.profile index cbe7ac9c6..9309ffdcc 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Pandora Radio client for the GNOME desktop | 2 | # Description: Pandora Radio client for the GNOME desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pithos.local | 5 | include pithos.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
| 10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
| @@ -12,15 +12,15 @@ noblacklist ${PATH}/python3* | |||
| 12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
| 13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | netfilter | 26 | netfilter |
diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 6f6aed117..bce2f795f 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Non-linear audio/video editor using GStreamer | 2 | # Description: Non-linear audio/video editor using GStreamer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pitivi.local | 5 | include pitivi.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.config/pitivi | 10 | noblacklist ${HOME}/.config/pitivi |
| @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/pix.profile b/etc/pix.profile index dfc6d780e..5734effde 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
| @@ -1,20 +1,20 @@ | |||
| 1 | # Firejail profile for pix | 1 | # Firejail profile for pix |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pix.local | 4 | include pix.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/pix | 8 | noblacklist ${HOME}/.config/pix |
| 9 | noblacklist ${HOME}/.local/share/pix | 9 | noblacklist ${HOME}/.local/share/pix |
| 10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
| 11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | nodvd | 20 | nodvd |
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 119baf6b5..707c75cec 100644 --- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Front-end for Wine | 2 | # Description: Front-end for Wine |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/playonlinux.local | 5 | include playonlinux.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
| 10 | noblacklist ${HOME}/.local/share/Steam | 10 | noblacklist ${HOME}/.local/share/Steam |
| @@ -22,11 +22,11 @@ noblacklist ${PATH}/perl | |||
| 22 | noblacklist /usr/lib/perl* | 22 | noblacklist /usr/lib/perl* |
| 23 | noblacklist /usr/share/perl* | 23 | noblacklist /usr/share/perl* |
| 24 | 24 | ||
| 25 | include /etc/firejail/disable-common.inc | 25 | include disable-common.inc |
| 26 | # playonlinux uses perl | 26 | # playonlinux uses perl |
| 27 | include /etc/firejail/disable-devel.inc | 27 | include disable-devel.inc |
| 28 | include /etc/firejail/disable-interpreters.inc | 28 | include disable-interpreters.inc |
| 29 | include /etc/firejail/disable-programs.inc | 29 | include disable-programs.inc |
| 30 | 30 | ||
| 31 | caps.drop all | 31 | caps.drop all |
| 32 | netfilter | 32 | netfilter |
diff --git a/etc/pluma.profile b/etc/pluma.profile index 832e7a3f4..4e0dc3505 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Official text editor of the MATE desktop environment | 2 | # Description: Official text editor of the MATE desktop environment |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/pluma.local | 5 | include pluma.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/pluma | 9 | noblacklist ${HOME}/.config/pluma |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
| 18 | 18 | ||
| 19 | # apparmor - makes settings immutable | 19 | # apparmor - makes settings immutable |
| 20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/polari.profile b/etc/polari.profile index cb6b0f73c..5aa1f6a46 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: Internet Relay Chat (IRC) client | 2 | # Description: Internet Relay Chat (IRC) client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/polari.local | 5 | include polari.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | mkdir ${HOME}/.cache/telepathy | 15 | mkdir ${HOME}/.cache/telepathy |
| 16 | mkdir ${HOME}/.config/telepathy-account-widgets | 16 | mkdir ${HOME}/.config/telepathy-account-widgets |
| @@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy | |||
| 24 | whitelist ${HOME}/.local/share/TpLogger | 24 | whitelist ${HOME}/.local/share/TpLogger |
| 25 | whitelist ${HOME}/.local/share/telepathy | 25 | whitelist ${HOME}/.local/share/telepathy |
| 26 | whitelist ${HOME}/.purple | 26 | whitelist ${HOME}/.purple |
| 27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | netfilter | 30 | netfilter |
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 8fcc19e65..fc37e6fd2 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: A PSP emulator written in C++ | 2 | # Description: A PSP emulator written in C++ |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ppsspp.local | 5 | include ppsspp.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/ppsspp | 9 | noblacklist ${HOME}/.config/ppsspp |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | # with >=llvm-4 mesa drivers need llvm stuff | 11 | # with >=llvm-4 mesa drivers need llvm stuff |
| 12 | noblacklist /usr/lib/llvm* | 12 | noblacklist /usr/lib/llvm* |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index d2612c95c..d04690cf9 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Qt-based XMPP/Jabber client | 2 | # Description: Qt-based XMPP/Jabber client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/psi-plus.local | 5 | include psi-plus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/psi+ | 9 | noblacklist ${HOME}/.config/psi+ |
| 10 | noblacklist ${HOME}/.local/share/psi+ | 10 | noblacklist ${HOME}/.local/share/psi+ |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/psi+ | 18 | mkdir ${HOME}/.cache/psi+ |
| 19 | mkdir ${HOME}/.config/psi+ | 19 | mkdir ${HOME}/.config/psi+ |
| @@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} | |||
| 22 | whitelist ${HOME}/.cache/psi+ | 22 | whitelist ${HOME}/.cache/psi+ |
| 23 | whitelist ${HOME}/.config/psi+ | 23 | whitelist ${HOME}/.config/psi+ |
| 24 | whitelist ${HOME}/.local/share/psi+ | 24 | whitelist ${HOME}/.local/share/psi+ |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 02c35b104..94abe0a5c 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for pybitmessage | 1 | # Firejail profile for pybitmessage |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pybitmessage.local | 4 | include pybitmessage.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist /sbin | 8 | noblacklist /sbin |
| 9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
| @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 89bb9dadf..aa145498c 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for pycharm-community | 1 | # Firejail profile for pycharm-community |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pycharm-community.local | 4 | include pycharm-community.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/snap | 8 | noblacklist ${HOME}/snap |
| 9 | noblacklist ${HOME}/.PyCharmCE* | 9 | noblacklist ${HOME}/.PyCharmCE* |
| @@ -15,10 +15,10 @@ noblacklist /usr/lib/java | |||
| 15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
| 16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | machine-id | 24 | machine-id |
diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile index b28082dc4..a14d0268b 100644 --- a/etc/pycharm-professional.profile +++ b/etc/pycharm-professional.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | noblacklist ${HOME}/.PyCharm* | 4 | noblacklist ${HOME}/.PyCharm* |
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/pycharm-community.profile | 7 | include pycharm-community.profile |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 4ba5d3871..e5568a2fa 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI | 2 | # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qbittorrent.local | 5 | include qbittorrent.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/qBittorrent | 9 | noblacklist ${HOME}/.cache/qBittorrent |
| 10 | noblacklist ${HOME}/.config/qBittorrent | 10 | noblacklist ${HOME}/.config/qBittorrent |
| @@ -17,11 +17,11 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | 25 | ||
| 26 | mkdir ${HOME}/.cache/qBittorrent | 26 | mkdir ${HOME}/.cache/qBittorrent |
| 27 | mkdir ${HOME}/.config/qBittorrent | 27 | mkdir ${HOME}/.config/qBittorrent |
| @@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent | |||
| 31 | whitelist ${HOME}/.config/qBittorrent | 31 | whitelist ${HOME}/.config/qBittorrent |
| 32 | whitelist ${HOME}/.config/qBittorrentrc | 32 | whitelist ${HOME}/.config/qBittorrentrc |
| 33 | whitelist ${HOME}/.local/share/data/qBittorrent | 33 | whitelist ${HOME}/.local/share/data/qBittorrent |
| 34 | include /etc/firejail/whitelist-common.inc | 34 | include whitelist-common.inc |
| 35 | include /etc/firejail/whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
| 36 | 36 | ||
| 37 | apparmor | 37 | apparmor |
| 38 | caps.drop all | 38 | caps.drop all |
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 263c71535..ac60384fd 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
| @@ -1,15 +1,15 @@ | |||
| 1 | # Firejail profile for qemu-launcher | 1 | # Firejail profile for qemu-launcher |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/qemu-launcher.local | 4 | include qemu-launcher.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.qemu-launcher | 8 | noblacklist ${HOME}/.qemu-launcher |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | 13 | ||
| 14 | caps.drop all | 14 | caps.drop all |
| 15 | netfilter | 15 | netfilter |
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 3ab25e92e..1399328d3 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile | |||
| @@ -1,14 +1,14 @@ | |||
| 1 | # Firejail profile for qemu-system-x86_64 | 1 | # Firejail profile for qemu-system-x86_64 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/qemu-system-x86_64.local | 4 | include qemu-system-x86_64.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
| 12 | 12 | ||
| 13 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | 14 | netfilter |
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 1293fa30d..3aa6c1a59 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Lightweight and cross-platform clipboard history applet | 2 | # Description: Lightweight and cross-platform clipboard history applet |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qlipper.local | 5 | include qlipper.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Qlipper | 9 | noblacklist ${HOME}/.config/Qlipper |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/qmmp.profile b/etc/qmmp.profile index 9d127731f..fccd6b1f8 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Feature-rich audio player with support of many formats | 2 | # Description: Feature-rich audio player with support of many formats |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qmmp.local | 5 | include qmmp.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.qmmp | 9 | noblacklist ${HOME}/.qmmp |
| 10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 3063010cc..851cad4ae 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Tabbed document viewer | 2 | # Description: Tabbed document viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qpdfview.local | 5 | include qpdfview.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/qpdfview | 9 | noblacklist ${HOME}/.config/qpdfview |
| 10 | noblacklist ${HOME}/.local/share/qpdfview | 10 | noblacklist ${HOME}/.local/share/qpdfview |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | machine-id | 23 | machine-id |
diff --git a/etc/qtox.profile b/etc/qtox.profile index 3c1697085..0cd434b08 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines | 2 | # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qtox.local | 5 | include qtox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/tox | 9 | noblacklist ${HOME}/.config/tox |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.config/tox | 17 | mkdir ${HOME}/.config/tox |
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.config/tox | 19 | whitelist ${HOME}/.config/tox |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 69c6aa61b..a78d1edcd 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: Distributed IRC client | 2 | # Description: Distributed IRC client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/quassel.local | 5 | include quassel.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | netfilter | 16 | netfilter |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 368a3d996..3d979a5b2 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: RSS/Atom news feeds reader | 2 | # Description: RSS/Atom news feeds reader |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/quiterss.local | 5 | include quiterss.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/QuiteRss | 9 | noblacklist ${HOME}/.cache/QuiteRss |
| 10 | noblacklist ${HOME}/.config/QuiteRss | 10 | noblacklist ${HOME}/.config/QuiteRss |
| 11 | noblacklist ${HOME}/.config/QuiteRssrc | 11 | noblacklist ${HOME}/.config/QuiteRssrc |
| 12 | noblacklist ${HOME}/.local/share/QuiteRss | 12 | noblacklist ${HOME}/.local/share/QuiteRss |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | mkdir ${HOME}/.cache/QuiteRss | 20 | mkdir ${HOME}/.cache/QuiteRss |
| 21 | mkdir ${HOME}/.config/QuiteRss | 21 | mkdir ${HOME}/.config/QuiteRss |
| @@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc | |||
| 27 | whitelist ${HOME}/.local/share/data/QuiteRss | 27 | whitelist ${HOME}/.local/share/data/QuiteRss |
| 28 | whitelist ${HOME}/.local/share/QuiteRss | 28 | whitelist ${HOME}/.local/share/QuiteRss |
| 29 | whitelist ${HOME}/quiterssfeeds.opml | 29 | whitelist ${HOME}/quiterssfeeds.opml |
| 30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
| 31 | 31 | ||
| 32 | caps.drop all | 32 | caps.drop all |
| 33 | netfilter | 33 | netfilter |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index e73e8a5e1..ad04b892d 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
| @@ -1,24 +1,24 @@ | |||
| 1 | # Firejail profile for qupzilla | 1 | # Firejail profile for qupzilla |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/qupzilla.local | 4 | include qupzilla.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/qupzilla | 8 | noblacklist ${HOME}/.cache/qupzilla |
| 9 | noblacklist ${HOME}/.config/qupzilla | 9 | noblacklist ${HOME}/.config/qupzilla |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.cache/qupzilla | 18 | whitelist ${HOME}/.cache/qupzilla |
| 19 | whitelist ${HOME}/.config/qupzilla | 19 | whitelist ${HOME}/.config/qupzilla |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index d4d8e3b97..ac9f9bfd9 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Keyboard-driven, vim-like browser based on PyQt5 | 2 | # Description: Keyboard-driven, vim-like browser based on PyQt5 |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/qutebrowser.local | 5 | include qutebrowser.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/qutebrowser | 9 | noblacklist ${HOME}/.cache/qutebrowser |
| 10 | noblacklist ${HOME}/.config/qutebrowser | 10 | noblacklist ${HOME}/.config/qutebrowser |
| @@ -19,10 +19,10 @@ noblacklist /usr/lib/python3* | |||
| 19 | # with >=llvm-4 mesa drivers need llvm stuff | 19 | # with >=llvm-4 mesa drivers need llvm stuff |
| 20 | noblacklist /usr/lib/llvm* | 20 | noblacklist /usr/lib/llvm* |
| 21 | 21 | ||
| 22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
| 23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
| 24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
| 25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
| 26 | 26 | ||
| 27 | mkdir ${HOME}/.cache/qutebrowser | 27 | mkdir ${HOME}/.cache/qutebrowser |
| 28 | mkdir ${HOME}/.config/qutebrowser | 28 | mkdir ${HOME}/.config/qutebrowser |
| @@ -31,7 +31,7 @@ whitelist ${DOWNLOADS} | |||
| 31 | whitelist ${HOME}/.cache/qutebrowser | 31 | whitelist ${HOME}/.cache/qutebrowser |
| 32 | whitelist ${HOME}/.config/qutebrowser | 32 | whitelist ${HOME}/.config/qutebrowser |
| 33 | whitelist ${HOME}/.local/share/qutebrowser | 33 | whitelist ${HOME}/.local/share/qutebrowser |
| 34 | include /etc/firejail/whitelist-common.inc | 34 | include whitelist-common.inc |
| 35 | 35 | ||
| 36 | caps.drop all | 36 | caps.drop all |
| 37 | netfilter | 37 | netfilter |
diff --git a/etc/rambox.profile b/etc/rambox.profile index afe9b41e7..6c65f869b 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
| @@ -1,24 +1,24 @@ | |||
| 1 | # Firejail profile for rambox | 1 | # Firejail profile for rambox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/rambox.local | 4 | include rambox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Rambox | 8 | noblacklist ${HOME}/.config/Rambox |
| 9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.config/Rambox | 16 | mkdir ${HOME}/.config/Rambox |
| 17 | mkdir ${HOME}/.pki | 17 | mkdir ${HOME}/.pki |
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | whitelist ${HOME}/.config/Rambox | 19 | whitelist ${HOME}/.config/Rambox |
| 20 | whitelist ${HOME}/.pki | 20 | whitelist ${HOME}/.pki |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | netfilter | 24 | netfilter |
diff --git a/etc/ranger.profile b/etc/ranger.profile index fe4131e88..ea3137512 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: File manager with an ncurses frontend written in Python | 2 | # Description: File manager with an ncurses frontend written in Python |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ranger.local | 5 | include ranger.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/ranger | 9 | noblacklist ${HOME}/.config/ranger |
| 10 | 10 | ||
| @@ -20,11 +20,11 @@ noblacklist ${PATH}/perl | |||
| 20 | noblacklist /usr/lib/perl* | 20 | noblacklist /usr/lib/perl* |
| 21 | noblacklist /usr/share/perl* | 21 | noblacklist /usr/share/perl* |
| 22 | 22 | ||
| 23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
| 24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
| 25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
| 26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
| 27 | include /etc/firejail/disable-programs.inc | 27 | include disable-programs.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | net none | 30 | net none |
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index 7271ac2f4..100ee57e3 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: Free, casual arena shooter | 2 | # Description: Free, casual arena shooter |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/redeclipse.local | 5 | include redeclipse.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.redeclipse | 9 | noblacklist ${HOME}/.redeclipse |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.redeclipse | 17 | mkdir ${HOME}/.redeclipse |
| 18 | whitelist ${HOME}/.redeclipse | 18 | whitelist ${HOME}/.redeclipse |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/remmina.profile b/etc/remmina.profile index 51c0f2d17..d23c1dc6d 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: GTK+ Remote Desktop Client | 2 | # Description: GTK+ Remote Desktop Client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/remmina.local | 5 | include remmina.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.remmina | 9 | noblacklist ${HOME}/.remmina |
| 10 | noblacklist ${HOME}/.config/remmina | 10 | noblacklist ${HOME}/.config/remmina |
| 11 | noblacklist ${HOME}/.local/share/remmina | 11 | noblacklist ${HOME}/.local/share/remmina |
| 12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | nodvd | 24 | nodvd |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 7dc6470f9..39330b4d1 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Music player and organizer for GNOME | 2 | # Description: Music player and organizer for GNOME |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/rhythmbox.local | 5 | include rhythmbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | # rhythmbox is using Python | 13 | # rhythmbox is using Python |
| 14 | #include /etc/firejail/disable-interpreters.inc | 14 | #include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
| 22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 2e2143a54..715642185 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for ricochet | 1 | # Firejail profile for ricochet |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/ricochet.local | 4 | include ricochet.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.local/share/Ricochet | 9 | noblacklist ${HOME}/.local/share/Ricochet |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.local/share/Ricochet | 18 | whitelist ${HOME}/.local/share/Ricochet |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile index cc8b68ebb..fececd850 100644 --- a/etc/riot-desktop.profile +++ b/etc/riot-desktop.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: A glossy Matrix collaboration client for the desktop | 2 | # Description: A glossy Matrix collaboration client for the desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/riot-desktop.local | 5 | include riot-desktop.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/riot-web.profile | 10 | include riot-web.profile |
diff --git a/etc/riot-web.profile b/etc/riot-web.profile index 5379223c5..c9f597626 100644 --- a/etc/riot-web.profile +++ b/etc/riot-web.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: A glossy Matrix collaboration client for the web | 2 | # Description: A glossy Matrix collaboration client for the web |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/riot-web.local | 5 | include riot-web.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/Riot | 9 | noblacklist ${HOME}/.config/Riot |
| 10 | 10 | ||
| 11 | mkdir ${HOME}/.config/Riot | 11 | mkdir ${HOME}/.config/Riot |
| 12 | whitelist ${HOME}/.config/Riot | 12 | whitelist ${HOME}/.config/Riot |
| 13 | include /etc/firejail/whitelist-common.inc | 13 | include whitelist-common.inc |
| 14 | 14 | ||
| 15 | # Redirect | 15 | # Redirect |
| 16 | include /etc/firejail/electron.profile | 16 | include electron.profile |
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index bb2a7e95b..42493db98 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Lightweight picture-viewer for the Xfce desktop environment | 2 | # Description: Lightweight picture-viewer for the Xfce desktop environment |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ristretto.local | 5 | include ristretto.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/ristretto | 9 | noblacklist ${HOME}/.config/ristretto |
| 10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
| 11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile index da92cd938..c95bc3c3d 100644 --- a/etc/rocketchat.profile +++ b/etc/rocketchat.profile | |||
| @@ -1,14 +1,14 @@ | |||
| 1 | # Firejail profile for rocketchat | 1 | # Firejail profile for rocketchat |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/rocketchat.local | 4 | include rocketchat.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Rocket.Chat | 8 | noblacklist ${HOME}/.config/Rocket.Chat |
| 9 | 9 | ||
| 10 | whitelist ${HOME}/.config/Rocket.Chat | 10 | whitelist ${HOME}/.config/Rocket.Chat |
| 11 | include /etc/firejail/whitelist-common.inc | 11 | include whitelist-common.inc |
| 12 | 12 | ||
| 13 | # Redirect | 13 | # Redirect |
| 14 | include /etc/firejail/electron.profile | 14 | include electron.profile |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index bdc5b9232..2ce3e9640 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa | 2 | # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/rtorrent.local | 5 | include rtorrent.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | machine-id | 17 | machine-id |
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile index 05ffbfe20..794c38d6e 100644 --- a/etc/runenpass.sh.profile +++ b/etc/runenpass.sh.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/enpass.profile | 6 | include enpass.profile |
diff --git a/etc/rview.profile b/etc/rview.profile index 90481b019..b3a6bfbdc 100644 --- a/etc/rview.profile +++ b/etc/rview.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for rview | 1 | # Firejail profile for rview |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/rview.local | 4 | include rview.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/rvim.profile b/etc/rvim.profile index 1070e9376..5481dfe43 100644 --- a/etc/rvim.profile +++ b/etc/rvim.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for rvim | 1 | # Firejail profile for rvim |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/rvim.local | 4 | include rvim.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 8a369be7e..d978f722a 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for sayonara player | 1 | # Firejail profile for sayonara player |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/sayonara.local | 4 | include sayonara.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.Sayonara | 8 | noblacklist ${HOME}/.Sayonara |
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/scallion.profile b/etc/scallion.profile index 35cd04f8f..1c2157d80 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/scallion.local | 5 | include scallion.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
| 10 | noblacklist /usr/lib/llvm* | 10 | noblacklist /usr/lib/llvm* |
| @@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl | |||
| 12 | noblacklist ${PATH}/openssl-1.0 | 12 | noblacklist ${PATH}/openssl-1.0 |
| 13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/scribus.profile b/etc/scribus.profile index 375983667..0d718be1d 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Open Source Desktop Page Layout | 2 | # Description: Open Source Desktop Page Layout |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/scribus.local | 5 | include scribus.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Support for PDF readers comes with Scribus 1.5 and higher | 9 | # Support for PDF readers comes with Scribus 1.5 and higher |
| 10 | noblacklist ${HOME}/.cache/okular | 10 | noblacklist ${HOME}/.cache/okular |
| @@ -32,14 +32,14 @@ noblacklist ${PATH}/python3* | |||
| 32 | noblacklist /usr/lib/python2* | 32 | noblacklist /usr/lib/python2* |
| 33 | noblacklist /usr/lib/python3* | 33 | noblacklist /usr/lib/python3* |
| 34 | 34 | ||
| 35 | include /etc/firejail/disable-common.inc | 35 | include disable-common.inc |
| 36 | include /etc/firejail/disable-devel.inc | 36 | include disable-devel.inc |
| 37 | include /etc/firejail/disable-interpreters.inc | 37 | include disable-interpreters.inc |
| 38 | include /etc/firejail/disable-passwdmgr.inc | 38 | include disable-passwdmgr.inc |
| 39 | include /etc/firejail/disable-programs.inc | 39 | include disable-programs.inc |
| 40 | include /etc/firejail/disable-xdg.inc | 40 | include disable-xdg.inc |
| 41 | 41 | ||
| 42 | include /etc/firejail/whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
| 43 | 43 | ||
| 44 | caps.drop all | 44 | caps.drop all |
| 45 | net none | 45 | net none |
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index a2a54f838..d3124c257 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/sdat2img.local | 5 | include sdat2img.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
| 10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
| @@ -12,14 +12,14 @@ noblacklist ${PATH}/python3* | |||
| 12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
| 13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | net none | 25 | net none |
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index 1ceed99fd..e420d8124 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/seamonkey.profile | 6 | include seamonkey.profile |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index b702d8b23..9c38414bb 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: SeaMonkey internet suite | 2 | # Description: SeaMonkey internet suite |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/seamonkey.local | 5 | include seamonkey.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
| 10 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
| 11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/mozilla | 18 | mkdir ${HOME}/.cache/mozilla |
| 19 | mkdir ${HOME}/.mozilla | 19 | mkdir ${HOME}/.mozilla |
| @@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight | |||
| 35 | whitelist ${HOME}/.wine-pipelight64 | 35 | whitelist ${HOME}/.wine-pipelight64 |
| 36 | whitelist ${HOME}/.zotero | 36 | whitelist ${HOME}/.zotero |
| 37 | whitelist ${HOME}/dwhelper | 37 | whitelist ${HOME}/dwhelper |
| 38 | include /etc/firejail/whitelist-common.inc | 38 | include whitelist-common.inc |
| 39 | 39 | ||
| 40 | caps.drop all | 40 | caps.drop all |
| 41 | netfilter | 41 | netfilter |
diff --git a/etc/server.profile b/etc/server.profile index 8d3382dee..a544a6284 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for server | 1 | # Firejail profile for server |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/server.local | 4 | include server.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # generic server profile | 8 | # generic server profile |
| 9 | # it allows /sbin and /usr/sbin directories - this is where servers are installed | 9 | # it allows /sbin and /usr/sbin directories - this is where servers are installed |
| @@ -15,12 +15,12 @@ noblacklist /sbin | |||
| 15 | noblacklist /usr/sbin | 15 | noblacklist /usr/sbin |
| 16 | # noblacklist /var/opt | 16 | # noblacklist /var/opt |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | # include /etc/firejail/disable-devel.inc | 19 | # include disable-devel.inc |
| 20 | # include /etc/firejail/disable-interpreters.inc | 20 | # include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | #include /etc/firejail/disable-xdg.inc | 23 | #include disable-xdg.inc |
| 24 | 24 | ||
| 25 | caps | 25 | caps |
| 26 | # ipc-namespace | 26 | # ipc-namespace |
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index 90fc9cb8c..7bc3febe0 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile | |||
| @@ -3,20 +3,20 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/shellcheck.local | 6 | include shellcheck.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/shotcut.profile b/etc/shotcut.profile index e5a8ce4df..9167dda25 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for shotcut | 1 | # Firejail profile for shotcut |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/shotcut.local | 4 | include shotcut.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Meltytech | 8 | noblacklist ${HOME}/.config/Meltytech |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | net none | 17 | net none |
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index c52f45f31..250f9d3a5 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for signal-desktop | 1 | # Firejail profile for signal-desktop |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/signal-desktop.local | 4 | include signal-desktop.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Signal | 8 | noblacklist ${HOME}/.config/Signal |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.config/Signal | 16 | mkdir ${HOME}/.config/Signal |
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | whitelist ${HOME}/.config/Signal | 18 | whitelist ${HOME}/.config/Signal |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 0fa19e610..67b54dd74 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for silentarmy | 1 | # Firejail profile for silentarmy |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/silentarmy.local | 4 | include silentarmy.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 30d2203de..85cb00ef1 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Simple Scanning Utility | 2 | # Description: Simple Scanning Utility |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/simple-scan.local | 5 | include simple-scan.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/simple-scan | 9 | noblacklist ${HOME}/.cache/simple-scan |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 3722d9414..5afa8e52e 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Transportation simulator | 2 | # Description: Transportation simulator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/simutrans.local | 5 | include simutrans.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.simutrans | 9 | noblacklist ${HOME}/.simutrans |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.simutrans | 17 | mkdir ${HOME}/.simutrans |
| 18 | whitelist ${HOME}/.simutrans | 18 | whitelist ${HOME}/.simutrans |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index f8bca415d..76b050d18 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Image scanner based on the KSane backend | 2 | # Description: Image scanner based on the KSane backend |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/skanlite.local | 5 | include skanlite.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | # net none | 19 | # net none |
diff --git a/etc/skype.profile b/etc/skype.profile index 04f15b454..c8d09c585 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for skype | 1 | # Firejail profile for skype |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/skype.local | 4 | include skype.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.Skype | 8 | noblacklist ${HOME}/.Skype |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index c675f0345..bccef9705 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for skypeforlinux | 1 | # Firejail profile for skypeforlinux |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/skypeforlinux.local | 4 | include skypeforlinux.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/skypeforlinux | 8 | noblacklist ${HOME}/.config/skypeforlinux |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/slack.profile b/etc/slack.profile index ba77a16b9..3b60e7379 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
| @@ -1,25 +1,25 @@ | |||
| 1 | # Firejail profile for slack | 1 | # Firejail profile for slack |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/slack.local | 4 | include slack.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Slack | 8 | noblacklist ${HOME}/.config/Slack |
| 9 | noblacklist ${HOME}/Downloads | 9 | noblacklist ${HOME}/Downloads |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.config | 17 | mkdir ${HOME}/.config |
| 18 | mkdir ${HOME}/.config/Slack | 18 | mkdir ${HOME}/.config/Slack |
| 19 | whitelist ${HOME}/.config/Slack | 19 | whitelist ${HOME}/.config/Slack |
| 20 | whitelist ${HOME}/Downloads | 20 | whitelist ${HOME}/Downloads |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | name slack | 25 | name slack |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 6d8355e6f..c2628aa4d 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Complete front-end for MPlayer and mpv | 2 | # Description: Complete front-end for MPlayer and mpv |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/smplayer.local | 5 | include smplayer.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
| 10 | noblacklist ${HOME}/.mplayer | 10 | noblacklist ${HOME}/.mplayer |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | noblacklist ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | apparmor | 23 | apparmor |
| 24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/smtube.profile b/etc/smtube.profile index 430b4e5cf..3134aeaf3 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: YouTube videos browser | 2 | # Description: YouTube videos browser |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/smtube.local | 5 | include smtube.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
| 10 | noblacklist ${HOME}/.config/smtube | 10 | noblacklist ${HOME}/.config/smtube |
| @@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/vlc | |||
| 15 | noblacklist ${MUSIC} | 15 | noblacklist ${MUSIC} |
| 16 | noblacklist ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | netfilter | 28 | netfilter |
diff --git a/etc/snap.profile b/etc/snap.profile index bcfdc8911..1c6d750e4 100644 --- a/etc/snap.profile +++ b/etc/snap.profile | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | # Description: Location of genes from DNA sequence with hidden markov model | 2 | # Description: Location of genes from DNA sequence with hidden markov model |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/snap.local | 5 | include snap.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Generic Ubuntu snap application profile | 9 | # Generic Ubuntu snap application profile |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
| 16 | whitelist ${HOME}/snap | 16 | whitelist ${HOME}/snap |
| 17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
diff --git a/etc/snox.profile b/etc/snox.profile index 22bb0cdb0..3b3fd1ae1 100644 --- a/etc/snox.profile +++ b/etc/snox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for snox | 1 | # Firejail profile for snox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/snox.local | 4 | include snox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/snox | 8 | noblacklist ${HOME}/.cache/snox |
| 9 | noblacklist ${HOME}/.config/snox | 9 | noblacklist ${HOME}/.config/snox |
| @@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox | |||
| 16 | whitelist ${HOME}/.config/snox | 16 | whitelist ${HOME}/.config/snox |
| 17 | 17 | ||
| 18 | # Redirect | 18 | # Redirect |
| 19 | include /etc/firejail/chromium-common.profile | 19 | include chromium-common.profile |
diff --git a/etc/soffice.profile b/etc/soffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/soffice.profile +++ b/etc/soffice.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 69efe5244..6c1894dc4 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: GNOME application to convert audio files into other formats | 2 | # Description: GNOME application to convert audio files into other formats |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/soundconverter.local | 5 | include soundconverter.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| @@ -14,14 +14,14 @@ noblacklist ${PATH}/python3* | |||
| 14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
| 15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
| 23 | 23 | ||
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | net none | 27 | net none |
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 18d3a0575..350f10632 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/spectre-meltdown-checker.local | 5 | include spectre-meltdown-checker.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # sudo firejail --allow-debuggers spectre-meltdown-checker | 9 | # sudo firejail --allow-debuggers spectre-meltdown-checker |
| 10 | 10 | ||
| @@ -18,14 +18,14 @@ noblacklist ${PATH}/perl | |||
| 18 | noblacklist /usr/lib/perl* | 18 | noblacklist /usr/lib/perl* |
| 19 | noblacklist /usr/share/perl* | 19 | noblacklist /usr/share/perl* |
| 20 | 20 | ||
| 21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
| 22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
| 23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
| 24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
| 25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
| 26 | include /etc/firejail/disable-xdg.inc | 26 | include disable-xdg.inc |
| 27 | 27 | ||
| 28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
| 29 | 29 | ||
| 30 | caps.keep sys_rawio | 30 | caps.keep sys_rawio |
| 31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 3adf3183c..cd42b781d 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for spotify | 1 | # Firejail profile for spotify |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/spotify.local | 4 | include spotify.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | blacklist ${HOME}/.bashrc | 8 | blacklist ${HOME}/.bashrc |
| 9 | blacklist /lost+found | 9 | blacklist /lost+found |
| @@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify | |||
| 14 | noblacklist ${HOME}/.config/spotify | 14 | noblacklist ${HOME}/.config/spotify |
| 15 | noblacklist ${HOME}/.local/share/spotify | 15 | noblacklist ${HOME}/.local/share/spotify |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | mkdir ${HOME}/.cache/spotify | 23 | mkdir ${HOME}/.cache/spotify |
| 24 | mkdir ${HOME}/.config/spotify | 24 | mkdir ${HOME}/.config/spotify |
| @@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify | |||
| 26 | whitelist ${HOME}/.cache/spotify | 26 | whitelist ${HOME}/.cache/spotify |
| 27 | whitelist ${HOME}/.config/spotify | 27 | whitelist ${HOME}/.config/spotify |
| 28 | whitelist ${HOME}/.local/share/spotify | 28 | whitelist ${HOME}/.local/share/spotify |
| 29 | include /etc/firejail/whitelist-common.inc | 29 | include whitelist-common.inc |
| 30 | include /etc/firejail/whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
| 31 | 31 | ||
| 32 | caps.drop all | 32 | caps.drop all |
| 33 | netfilter | 33 | netfilter |
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 0f030d559..6e9c0022e 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: GUI editor for SQLite databases | 2 | # Description: GUI editor for SQLite databases |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/sqlitebrowser.local | 5 | include sqlitebrowser.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/sqlitebrowser | 9 | noblacklist ${HOME}/.config/sqlitebrowser |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index b71c20231..02b66955f 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/ssh-agent.local | 5 | include ssh-agent.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| @@ -12,9 +12,9 @@ noblacklist /etc/ssh | |||
| 12 | noblacklist /tmp/ssh-* | 12 | noblacklist /tmp/ssh-* |
| 13 | noblacklist ${HOME}/.ssh | 13 | noblacklist ${HOME}/.ssh |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | shell none | 19 | shell none |
| 20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/ssh.profile b/etc/ssh.profile index 584294f05..cc94793f3 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
| @@ -3,17 +3,17 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/ssh.local | 6 | include ssh.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist /etc/ssh | 10 | noblacklist /etc/ssh |
| 11 | noblacklist /tmp/ssh-* | 11 | noblacklist /tmp/ssh-* |
| 12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 9f62b42c5..d6dd2404d 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile | |||
| @@ -1,24 +1,24 @@ | |||
| 1 | # Firejail profile for standardnotes-desktop | 1 | # Firejail profile for standardnotes-desktop |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/standardnotes-desktop.local | 4 | include standardnotes-desktop.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/Standard Notes Backups | 8 | noblacklist ${HOME}/Standard Notes Backups |
| 9 | noblacklist ${HOME}/.config/Standard Notes | 9 | noblacklist ${HOME}/.config/Standard Notes |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/Standard Notes Backups | 17 | mkdir ${HOME}/Standard Notes Backups |
| 18 | mkdir ${HOME}/.config/Standard Notes | 18 | mkdir ${HOME}/.config/Standard Notes |
| 19 | whitelist ${HOME}/Standard Notes Backups | 19 | whitelist ${HOME}/Standard Notes Backups |
| 20 | whitelist ${HOME}/.config/Standard Notes | 20 | whitelist ${HOME}/.config/Standard Notes |
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | apparmor | 23 | apparmor |
| 24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile index c17815969..2b01eca88 100644 --- a/etc/start-tor-browser.desktop.profile +++ b/etc/start-tor-browser.desktop.profile | |||
| @@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn: | |||
| 63 | whitelist ${HOME}/.tor-browser-zh-cn: | 63 | whitelist ${HOME}/.tor-browser-zh-cn: |
| 64 | 64 | ||
| 65 | # Redirect | 65 | # Redirect |
| 66 | include /etc/firejail/torbrowser-launcher.profile | 66 | include torbrowser-launcher.profile |
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 4d9ebcb2e..a7e99a7fb 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for start-tor-browser | 1 | # Firejail profile for start-tor-browser |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/start-tor-browser.local | 4 | include start-tor-browser.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/steam-native.profile b/etc/steam-native.profile index b85b1659b..47608ad28 100644 --- a/etc/steam-native.profile +++ b/etc/steam-native.profile | |||
| @@ -2,4 +2,4 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | 3 | ||
| 4 | # Redirect | 4 | # Redirect |
| 5 | include /etc/firejail/steam.profile | 5 | include steam.profile |
diff --git a/etc/steam.profile b/etc/steam.profile index 903384ecf..7ea9d7abf 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Valve's Steam digital software delivery system | 2 | # Description: Valve's Steam digital software delivery system |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/steam.local | 5 | include steam.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 10 | noblacklist ${HOME}/.killingfloor | 10 | noblacklist ${HOME}/.killingfloor |
| @@ -37,13 +37,13 @@ noblacklist ${PATH}/python3* | |||
| 37 | noblacklist /usr/lib/python2* | 37 | noblacklist /usr/lib/python2* |
| 38 | noblacklist /usr/lib/python3* | 38 | noblacklist /usr/lib/python3* |
| 39 | 39 | ||
| 40 | include /etc/firejail/disable-common.inc | 40 | include disable-common.inc |
| 41 | include /etc/firejail/disable-devel.inc | 41 | include disable-devel.inc |
| 42 | include /etc/firejail/disable-interpreters.inc | 42 | include disable-interpreters.inc |
| 43 | include /etc/firejail/disable-passwdmgr.inc | 43 | include disable-passwdmgr.inc |
| 44 | include /etc/firejail/disable-programs.inc | 44 | include disable-programs.inc |
| 45 | 45 | ||
| 46 | include /etc/firejail/whitelist-var-common.inc | 46 | include whitelist-var-common.inc |
| 47 | 47 | ||
| 48 | caps.drop all | 48 | caps.drop all |
| 49 | #ipc-namespace | 49 | #ipc-namespace |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index cddbd99d6..229f871c6 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
| @@ -2,25 +2,25 @@ | |||
| 2 | # Description: Real-time photo-realistic sky generator | 2 | # Description: Real-time photo-realistic sky generator |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/stellarium.local | 5 | include stellarium.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/stellarium | 9 | noblacklist ${HOME}/.config/stellarium |
| 10 | noblacklist ${HOME}/.stellarium | 10 | noblacklist ${HOME}/.stellarium |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.config/stellarium | 18 | mkdir ${HOME}/.config/stellarium |
| 19 | mkdir ${HOME}/.stellarium | 19 | mkdir ${HOME}/.stellarium |
| 20 | whitelist ${HOME}/.config/stellarium | 20 | whitelist ${HOME}/.config/stellarium |
| 21 | whitelist ${HOME}/.stellarium | 21 | whitelist ${HOME}/.stellarium |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
| 24 | 24 | ||
| 25 | caps.drop all | 25 | caps.drop all |
| 26 | machine-id | 26 | machine-id |
diff --git a/etc/strings.profile b/etc/strings.profile index ae2fbf18f..3791486c5 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | quiet | 3 | quiet |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/strings.local | 5 | include strings.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | # added by included default.profile | 7 | # added by included default.profile |
| 8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| @@ -30,4 +30,4 @@ memory-deny-write-execute | |||
| 30 | noexec ${HOME} | 30 | noexec ${HOME} |
| 31 | noexec /tmp | 31 | noexec /tmp |
| 32 | 32 | ||
| 33 | include /etc/firejail/default.profile | 33 | include default.profile |
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile index b4eee28df..d556521e1 100644 --- a/etc/studio.sh.profile +++ b/etc/studio.sh.profile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # Firejail profile alias for Android Studio | 1 | # Firejail profile alias for Android Studio |
| 2 | 2 | ||
| 3 | # Redirect | 3 | # Redirect |
| 4 | include /etc/firejail/android-studio.profile | 4 | include android-studio.profile |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 84083e9aa..789a75ad0 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for supertux2 | 1 | # Firejail profile for supertux2 |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/supertux2.local | 4 | include supertux2.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.local/share/supertux2 | 8 | noblacklist ${HOME}/.local/share/supertux2 |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.local/share/supertux2 | 16 | mkdir ${HOME}/.local/share/supertux2 |
| 17 | whitelist ${HOME}/.local/share/supertux2 | 17 | whitelist ${HOME}/.local/share/supertux2 |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/surf.profile b/etc/surf.profile index 3d40ea49b..d98946cc8 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Simple web browser by suckless community | 2 | # Description: Simple web browser by suckless community |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/surf.local | 5 | include surf.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.surf | 9 | noblacklist ${HOME}/.surf |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.surf | 16 | mkdir ${HOME}/.surf |
| 17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index 5f30c95ba..ec29b38e3 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Light weight e-mail client with GTK+ | 2 | # Description: Light weight e-mail client with GTK+ |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/sylpheed.local | 5 | include sylpheed.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.sylpheed-2.0 | 9 | noblacklist ${HOME}/.sylpheed-2.0 |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 0fc59fd17..ca0969a3b 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Vector-based 2D animation package | 2 | # Description: Vector-based 2D animation package |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/synfigstudio.local | 5 | include synfigstudio.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/synfig | 9 | noblacklist ${HOME}/.config/synfig |
| 10 | noblacklist ${HOME}/.synfig | 10 | noblacklist ${HOME}/.synfig |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | net none | 19 | net none |
diff --git a/etc/tar.profile b/etc/tar.profile index 7409393c6..ff49fba47 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/tar.local | 6 | include tar.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -28,4 +28,4 @@ private-dev | |||
| 28 | private-etc passwd,group,localtime | 28 | private-etc passwd,group,localtime |
| 29 | private-lib | 29 | private-lib |
| 30 | 30 | ||
| 31 | include /etc/firejail/default.profile | 31 | include default.profile |
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index 55a95157d..196ec7437 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: TeamSpeak is software for quality voice communication via the Internet | 2 | # Description: TeamSpeak is software for quality voice communication via the Internet |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/teamspeak3.local | 5 | include teamspeak3.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.ts3client | 9 | noblacklist ${HOME}/.ts3client |
| 10 | noblacklist ${PATH}/openssl | 10 | noblacklist ${PATH}/openssl |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.ts3client | 18 | mkdir ${HOME}/.ts3client |
| 19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 20 | whitelist ${HOME}/.ts3client | 20 | whitelist ${HOME}/.ts3client |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile index 9e4855247..ef60bdc8c 100644 --- a/etc/telegram-desktop.profile +++ b/etc/telegram-desktop.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/telegram.profile | 7 | include telegram.profile |
diff --git a/etc/telegram.profile b/etc/telegram.profile index 9ffb9f287..fb2c06a27 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for telegram | 1 | # Firejail profile for telegram |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/telegram.local | 4 | include telegram.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.TelegramDesktop | 8 | noblacklist ${HOME}/.TelegramDesktop |
| 9 | noblacklist ${HOME}/.local/share/TelegramDesktop | 9 | noblacklist ${HOME}/.local/share/TelegramDesktop |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | netfilter | 17 | netfilter |
diff --git a/etc/terasology.profile b/etc/terasology.profile index fa45eb880..dff5391f7 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for terasology | 1 | # Firejail profile for terasology |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/terasology.local | 4 | include terasology.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
| 9 | noblacklist ${HOME}/.local/share/terasology | 9 | noblacklist ${HOME}/.local/share/terasology |
| @@ -14,17 +14,17 @@ noblacklist /usr/lib/java | |||
| 14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
| 15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | mkdir ${HOME}/.java | 23 | mkdir ${HOME}/.java |
| 24 | mkdir ${HOME}/.local/share/terasology | 24 | mkdir ${HOME}/.local/share/terasology |
| 25 | whitelist ${HOME}/.java | 25 | whitelist ${HOME}/.java |
| 26 | whitelist ${HOME}/.local/share/terasology | 26 | whitelist ${HOME}/.local/share/terasology |
| 27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/thunar.profile b/etc/thunar.profile index 37d10ae0d..0c7a048c4 100644 --- a/etc/thunar.profile +++ b/etc/thunar.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/Thunar.profile | 7 | include Thunar.profile |
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile index 73d2419da..2bd06cb14 100644 --- a/etc/thunderbird-beta.profile +++ b/etc/thunderbird-beta.profile | |||
| @@ -5,4 +5,4 @@ | |||
| 5 | whitelist /opt/thunderbird-beta | 5 | whitelist /opt/thunderbird-beta |
| 6 | 6 | ||
| 7 | # Redirect | 7 | # Redirect |
| 8 | include /etc/firejail/thunderbird.profile | 8 | include thunderbird.profile |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 86671d1be..5f1af91be 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Email, RSS and newsgroup client with integrated spam filter | 2 | # Description: Email, RSS and newsgroup client with integrated spam filter |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/thunderbird.local | 5 | include thunderbird.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Users have thunderbird set to open a browser by clicking a link in an email | 9 | # Users have thunderbird set to open a browser by clicking a link in an email |
| 10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
| @@ -38,4 +38,4 @@ writable-run-user | |||
| 38 | 38 | ||
| 39 | # allow browsers | 39 | # allow browsers |
| 40 | # Redirect | 40 | # Redirect |
| 41 | include /etc/firejail/firefox.profile | 41 | include firefox.profile |
diff --git a/etc/tilp.profile b/etc/tilp.profile index 7d63df630..ecacd1deb 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | # Firejail profile for tilp | 1 | # Firejail profile for tilp |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/tilp.local | 4 | include tilp.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.tilp | 8 | noblacklist ${HOME}/.tilp |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | caps.drop all | 16 | caps.drop all |
| 17 | net none | 17 | net none |
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile index a668a05d4..612b2d01b 100644 --- a/etc/tor-browser-ar.profile +++ b/etc/tor-browser-ar.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar | |||
| 7 | whitelist ${HOME}/.tor-browser-ar | 7 | whitelist ${HOME}/.tor-browser-ar |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile index 195377f0f..db56dda1b 100644 --- a/etc/tor-browser-en-us.profile +++ b/etc/tor-browser-en-us.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us | |||
| 7 | whitelist ${HOME}/.tor-browser-en-us | 7 | whitelist ${HOME}/.tor-browser-en-us |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index 75aad1a09..ad4110c0e 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en | |||
| 7 | whitelist ${HOME}/.tor-browser-en | 7 | whitelist ${HOME}/.tor-browser-en |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile index b6e5dedbc..1aa586658 100644 --- a/etc/tor-browser-es-es.profile +++ b/etc/tor-browser-es-es.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es | |||
| 7 | whitelist ${HOME}/.tor-browser-es-es | 7 | whitelist ${HOME}/.tor-browser-es-es |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile index c607c93e3..a386e3387 100644 --- a/etc/tor-browser-es.profile +++ b/etc/tor-browser-es.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es | |||
| 7 | whitelist ${HOME}/.tor-browser-es | 7 | whitelist ${HOME}/.tor-browser-es |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile index 3ce689c21..7f847a7c2 100644 --- a/etc/tor-browser-fa.profile +++ b/etc/tor-browser-fa.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa | |||
| 7 | whitelist ${HOME}/.tor-browser-fa | 7 | whitelist ${HOME}/.tor-browser-fa |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile index 369184aba..bce470ec8 100644 --- a/etc/tor-browser-fr.profile +++ b/etc/tor-browser-fr.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr | |||
| 7 | whitelist ${HOME}/.tor-browser-fr | 7 | whitelist ${HOME}/.tor-browser-fr |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile index e5d54617d..3c239ca29 100644 --- a/etc/tor-browser-it.profile +++ b/etc/tor-browser-it.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it | |||
| 7 | whitelist ${HOME}/.tor-browser-it | 7 | whitelist ${HOME}/.tor-browser-it |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile index a3cfa1987..c52e0f64e 100644 --- a/etc/tor-browser-ja.profile +++ b/etc/tor-browser-ja.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja | |||
| 7 | whitelist ${HOME}/.tor-browser-ja | 7 | whitelist ${HOME}/.tor-browser-ja |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile index 6a7fe905c..8faa5afa1 100644 --- a/etc/tor-browser-ko.profile +++ b/etc/tor-browser-ko.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko | |||
| 7 | whitelist ${HOME}/.tor-browser-ko | 7 | whitelist ${HOME}/.tor-browser-ko |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile index e72d64a3e..08ddd4ae7 100644 --- a/etc/tor-browser-pl.profile +++ b/etc/tor-browser-pl.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl | |||
| 7 | whitelist ${HOME}/.tor-browser-pl | 7 | whitelist ${HOME}/.tor-browser-pl |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile index d3a5d1b79..9942a3fe8 100644 --- a/etc/tor-browser-pt-br.profile +++ b/etc/tor-browser-pt-br.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br | |||
| 7 | whitelist ${HOME}/.tor-browser-pt-br | 7 | whitelist ${HOME}/.tor-browser-pt-br |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile index 22b772b28..6294f8ca0 100644 --- a/etc/tor-browser-ru.profile +++ b/etc/tor-browser-ru.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru | |||
| 7 | whitelist ${HOME}/.tor-browser-ru | 7 | whitelist ${HOME}/.tor-browser-ru |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile index cd1c5b0b3..734c38698 100644 --- a/etc/tor-browser-vi.profile +++ b/etc/tor-browser-vi.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi | |||
| 7 | whitelist ${HOME}/.tor-browser-vi | 7 | whitelist ${HOME}/.tor-browser-vi |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile index bf1bc75d6..21e813e45 100644 --- a/etc/tor-browser-zh-cn.profile +++ b/etc/tor-browser-zh-cn.profile | |||
| @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn | |||
| 7 | whitelist ${HOME}/.tor-browser-zh-cn | 7 | whitelist ${HOME}/.tor-browser-zh-cn |
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor.profile b/etc/tor.profile index ddaa9806c..c455f1864 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Anonymizing overlay network for TCP | 2 | # Description: Anonymizing overlay network for TCP |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/tor.local | 5 | include tor.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # How to use: | 9 | # How to use: |
| 10 | # Create a script called anything (e.g. mytor) | 10 | # Create a script called anything (e.g. mytor) |
| @@ -17,12 +17,12 @@ include /etc/firejail/globals.local | |||
| 17 | # You'll also likely want to disable the system service (if it exists) | 17 | # You'll also likely want to disable the system service (if it exists) |
| 18 | # Run mytor (or whatever you called the script above) whenever you want to start tor | 18 | # Run mytor (or whatever you called the script above) whenever you want to start tor |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | caps.keep setuid,setgid,net_bind_service,dac_read_search | 27 | caps.keep setuid,setgid,net_bind_service,dac_read_search |
| 28 | ipc-namespace | 28 | ipc-namespace |
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 307377acc..617518eeb 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Helps download and run the Tor Browser Bundle | 2 | # Description: Helps download and run the Tor Browser Bundle |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/torbrowser-launcher.local | 5 | include torbrowser-launcher.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/torbrowser | 9 | noblacklist ${HOME}/.config/torbrowser |
| 10 | noblacklist ${HOME}/.local/share/torbrowser | 10 | noblacklist ${HOME}/.local/share/torbrowser |
| @@ -15,20 +15,20 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
| 24 | 24 | ||
| 25 | mkdir ${HOME}/.config/torbrowser | 25 | mkdir ${HOME}/.config/torbrowser |
| 26 | mkdir ${HOME}/.local/share/torbrowser | 26 | mkdir ${HOME}/.local/share/torbrowser |
| 27 | whitelist ${DOWNLOADS} | 27 | whitelist ${DOWNLOADS} |
| 28 | whitelist ${HOME}/.config/torbrowser | 28 | whitelist ${HOME}/.config/torbrowser |
| 29 | whitelist ${HOME}/.local/share/torbrowser | 29 | whitelist ${HOME}/.local/share/torbrowser |
| 30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
| 31 | include /etc/firejail/whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
| 32 | 32 | ||
| 33 | caps.drop all | 33 | caps.drop all |
| 34 | netfilter | 34 | netfilter |
diff --git a/etc/totem.profile b/etc/totem.profile index bfa5883e2..e5be49084 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Simple media player for the GNOME desktop based on GStreamer | 2 | # Description: Simple media player for the GNOME desktop based on GStreamer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/totem.local | 5 | include totem.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/totem | 9 | noblacklist ${HOME}/.config/totem |
| 10 | noblacklist ${HOME}/.local/share/totem | 10 | noblacklist ${HOME}/.local/share/totem |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| 12 | noblacklist ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | # apparmor - makes settings immutable | 23 | # apparmor - makes settings immutable |
| 24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/tracker.profile b/etc/tracker.profile index 142089c34..6d86b2951 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Metadata database, indexer and search tool | 2 | # Description: Metadata database, indexer and search tool |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/tracker.local | 5 | include tracker.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default | 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 1a22a713c..bcd1bacb0 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
| @@ -2,18 +2,18 @@ | |||
| 2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/transmission-cli.local | 5 | include transmission-cli.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
| 10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | machine-id | 19 | machine-id |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 758205ccf..134232460 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -2,26 +2,26 @@ | |||
| 2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/transmission-gtk.local | 5 | include transmission-gtk.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
| 10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/transmission | 18 | mkdir ${HOME}/.cache/transmission |
| 19 | mkdir ${HOME}/.config/transmission | 19 | mkdir ${HOME}/.config/transmission |
| 20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 21 | whitelist ${HOME}/.cache/transmission | 21 | whitelist ${HOME}/.cache/transmission |
| 22 | whitelist ${HOME}/.config/transmission | 22 | whitelist ${HOME}/.config/transmission |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | apparmor | 26 | apparmor |
| 27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index c8eb9e326..5679229e9 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -2,26 +2,26 @@ | |||
| 2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/transmission-qt.local | 5 | include transmission-qt.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
| 10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.cache/transmission | 18 | mkdir ${HOME}/.cache/transmission |
| 19 | mkdir ${HOME}/.config/transmission | 19 | mkdir ${HOME}/.config/transmission |
| 20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 21 | whitelist ${HOME}/.cache/transmission | 21 | whitelist ${HOME}/.cache/transmission |
| 22 | whitelist ${HOME}/.config/transmission | 22 | whitelist ${HOME}/.config/transmission |
| 23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
| 25 | 25 | ||
| 26 | apparmor | 26 | apparmor |
| 27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 06b79effd..e0bc9e309 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for transmission-show | 1 | # Firejail profile for transmission-show |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/transmission-show.local | 4 | include transmission-show.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/transmission | 8 | noblacklist ${HOME}/.cache/transmission |
| 9 | noblacklist ${HOME}/.config/transmission | 9 | noblacklist ${HOME}/.config/transmission |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | machine-id | 18 | machine-id |
diff --git a/etc/truecraft.profile b/etc/truecraft.profile index 1eb7b65ba..7151e62f8 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile | |||
| @@ -1,24 +1,24 @@ | |||
| 1 | # Firejail profile for truecraft | 1 | # Firejail profile for truecraft |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/truecraft.local | 4 | include truecraft.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/mono | 8 | noblacklist ${HOME}/.config/mono |
| 9 | noblacklist ${HOME}/.config/truecraft | 9 | noblacklist ${HOME}/.config/truecraft |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.config/mono | 17 | mkdir ${HOME}/.config/mono |
| 18 | mkdir ${HOME}/.config/truecraft | 18 | mkdir ${HOME}/.config/truecraft |
| 19 | whitelist ${HOME}/.config/mono | 19 | whitelist ${HOME}/.config/mono |
| 20 | whitelist ${HOME}/.config/truecraft | 20 | whitelist ${HOME}/.config/truecraft |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | 22 | ||
| 23 | caps.drop all | 23 | caps.drop all |
| 24 | nodvd | 24 | nodvd |
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index d467e1a83..d6243720a 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Multitrack guitar tablature editor and player (gp3 to gp5) | 2 | # Description: Multitrack guitar tablature editor and player (gp3 to gp5) |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/tuxguitar.local | 5 | include tuxguitar.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 10 | noblacklist ${HOME}/.tuxguitar* | 10 | noblacklist ${HOME}/.tuxguitar* |
| @@ -17,14 +17,14 @@ noblacklist /usr/lib/java | |||
| 17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
| 18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | netfilter | 30 | netfilter |
diff --git a/etc/uefitool.profile b/etc/uefitool.profile index d4016d061..ec0adef3a 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for uefitool | 1 | # Firejail profile for uefitool |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/uefitool.local | 4 | include uefitool.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 3c3c685e0..7e718d4e5 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
| @@ -1,21 +1,21 @@ | |||
| 1 | # Firejail profile for uget-gtk | 1 | # Firejail profile for uget-gtk |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/uget-gtk.local | 4 | include uget-gtk.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/uGet | 8 | noblacklist ${HOME}/.config/uGet |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | mkdir ${HOME}/.config/uGet | 15 | mkdir ${HOME}/.config/uGet |
| 16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
| 17 | whitelist ${HOME}/.config/uGet | 17 | whitelist ${HOME}/.config/uGet |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/unbound.profile b/etc/unbound.profile index 5bc350e8d..05f24ea99 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Validating, recursive, caching DNS resolver | 2 | # Description: Validating, recursive, caching DNS resolver |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/unbound.local | 5 | include unbound.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist /sbin | 11 | noblacklist /sbin |
| 12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
| 20 | 20 | ||
| 21 | whitelist /var/lib/unbound | 21 | whitelist /var/lib/unbound |
| 22 | whitelist /var/run | 22 | whitelist /var/run |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 5b2944a88..3f2f395c4 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: 2D realtime strategy simulation | 2 | # Description: 2D realtime strategy simulation |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/unknown-horizons.local | 5 | include unknown-horizons.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.unknown-horizons | 9 | noblacklist ${HOME}/.unknown-horizons |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | mkdir ${HOME}/.unknown-horizons | 15 | mkdir ${HOME}/.unknown-horizons |
| 16 | whitelist ${HOME}/.unknown-horizons | 16 | whitelist ${HOME}/.unknown-horizons |
| 17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | nodvd | 20 | nodvd |
diff --git a/etc/unlzma.profile b/etc/unlzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unlzma.profile +++ b/etc/unlzma.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/unrar.profile b/etc/unrar.profile index c8c72f1f3..7a2a73cd8 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/unrar.local | 6 | include unrar.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -27,4 +27,4 @@ private-dev | |||
| 27 | private-etc passwd,group,localtime | 27 | private-etc passwd,group,localtime |
| 28 | private-tmp | 28 | private-tmp |
| 29 | 29 | ||
| 30 | include /etc/firejail/default.profile | 30 | include default.profile |
diff --git a/etc/unxz.profile b/etc/unxz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unxz.profile +++ b/etc/unxz.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 0b8b0cc50..549a239d0 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/unzip.local | 6 | include unzip.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -29,4 +29,4 @@ private-etc passwd,group,localtime | |||
| 29 | # GNOME Shell integration (chrome-gnome-shell) | 29 | # GNOME Shell integration (chrome-gnome-shell) |
| 30 | noblacklist ${HOME}/.local/share/gnome-shell | 30 | noblacklist ${HOME}/.local/share/gnome-shell |
| 31 | 31 | ||
| 32 | include /etc/firejail/default.profile | 32 | include default.profile |
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index d1130960d..ec123a3f6 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/uudeview.local | 6 | include uudeview.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | hostname uudeview | 11 | hostname uudeview |
| 12 | ignore noroot | 12 | ignore noroot |
| @@ -24,4 +24,4 @@ private-cache | |||
| 24 | private-dev | 24 | private-dev |
| 25 | private-etc ld.so.preload | 25 | private-etc ld.so.preload |
| 26 | 26 | ||
| 27 | include /etc/firejail/default.profile | 27 | include default.profile |
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index b8a3fa497..7e6b35d13 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for uzbl-browser | 1 | # Firejail profile for uzbl-browser |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/uzbl-browser.local | 4 | include uzbl-browser.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/uzbl | 8 | noblacklist ${HOME}/.config/uzbl |
| 9 | noblacklist ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
| @@ -15,10 +15,10 @@ noblacklist ${PATH}/python3* | |||
| 15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
| 16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
| 22 | 22 | ||
| 23 | mkdir ${HOME}/.config/uzbl | 23 | mkdir ${HOME}/.config/uzbl |
| 24 | mkdir ${HOME}/.gnupg | 24 | mkdir ${HOME}/.gnupg |
| @@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl | |||
| 29 | whitelist ${HOME}/.gnupg | 29 | whitelist ${HOME}/.gnupg |
| 30 | whitelist ${HOME}/.local/share/uzbl | 30 | whitelist ${HOME}/.local/share/uzbl |
| 31 | whitelist ${HOME}/.password-store | 31 | whitelist ${HOME}/.password-store |
| 32 | include /etc/firejail/whitelist-common.inc | 32 | include whitelist-common.inc |
| 33 | 33 | ||
| 34 | caps.drop all | 34 | caps.drop all |
| 35 | netfilter | 35 | netfilter |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 08f9fd309..d459d5b88 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Simple, fast and elegant image viewer | 2 | # Description: Simple, fast and elegant image viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/viewnior.local | 5 | include viewnior.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
| 10 | 10 | ||
| @@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam | |||
| 12 | noblacklist ${HOME}/.config/viewnior | 12 | noblacklist ${HOME}/.config/viewnior |
| 13 | noblacklist ${HOME}/.steam | 13 | noblacklist ${HOME}/.steam |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | net none | 22 | net none |
diff --git a/etc/viking.profile b/etc/viking.profile index 624cb962b..2f3ac8edb 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: GPS data editor, analyzer and viewer | 2 | # Description: GPS data editor, analyzer and viewer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/viking.local | 5 | include viking.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.viking | 9 | noblacklist ${HOME}/.viking |
| 10 | noblacklist ${HOME}/.viking-maps | 10 | noblacklist ${HOME}/.viking-maps |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/vim.profile b/etc/vim.profile index 1f98a018a..623aa39ff 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Vi IMproved - enhanced vi editor | 2 | # Description: Vi IMproved - enhanced vi editor |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/vim.local | 5 | include vim.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.vim | 9 | noblacklist ${HOME}/.vim |
| 10 | noblacklist ${HOME}/.viminfo | 10 | noblacklist ${HOME}/.viminfo |
| 11 | noblacklist ${HOME}/.vimrc | 11 | noblacklist ${HOME}/.vimrc |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/vimcat.profile b/etc/vimcat.profile index 5067c2fd1..a8f7758e0 100644 --- a/etc/vimcat.profile +++ b/etc/vimcat.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for vimcat | 1 | # Firejail profile for vimcat |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/vimcat.local | 4 | include vimcat.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile index f89a2c112..53a5c6224 100644 --- a/etc/vimdiff.profile +++ b/etc/vimdiff.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for vimdiff | 1 | # Firejail profile for vimdiff |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/vimdiff.local | 4 | include vimdiff.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/vimpager.profile b/etc/vimpager.profile index 9c59cb82f..ef2c20ef1 100644 --- a/etc/vimpager.profile +++ b/etc/vimpager.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # Description: A vim-based script to use as a PAGER | 2 | # Description: A vim-based script to use as a PAGER |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/vimpager.local | 5 | include vimpager.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | # Redirect | 10 | # Redirect |
| 11 | include /etc/firejail/vim.profile | 11 | include vim.profile |
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile index 83851d37e..7330d6da2 100644 --- a/etc/vimtutor.profile +++ b/etc/vimtutor.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for vimtutor | 1 | # Firejail profile for vimtutor |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/vimtutor.local | 4 | include vimtutor.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index c634348c7..1ef44dd5c 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: x86 virtualization solution | 2 | # Description: x86 virtualization solution |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/virtualbox.local | 5 | include virtualbox.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.VirtualBox | 9 | noblacklist ${HOME}/.VirtualBox |
| 10 | noblacklist ${HOME}/.config/VirtualBox | 10 | noblacklist ${HOME}/.config/VirtualBox |
| @@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs | |||
| 13 | noblacklist /usr/lib/virtualbox | 13 | noblacklist /usr/lib/virtualbox |
| 14 | noblacklist /usr/lib64/virtualbox | 14 | noblacklist /usr/lib64/virtualbox |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | mkdir ${HOME}/.config/VirtualBox | 20 | mkdir ${HOME}/.config/VirtualBox |
| 21 | mkdir ${HOME}/VirtualBox VMs | 21 | mkdir ${HOME}/VirtualBox VMs |
| 22 | whitelist ${HOME}/.config/VirtualBox | 22 | whitelist ${HOME}/.config/VirtualBox |
| 23 | whitelist ${HOME}/VirtualBox VMs | 23 | whitelist ${HOME}/VirtualBox VMs |
| 24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | caps.drop all | 28 | caps.drop all |
| 29 | netfilter | 29 | netfilter |
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-beta.profile +++ b/etc/vivaldi-beta.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/vivaldi.profile | 6 | include vivaldi.profile |
diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile index f8691025f..ea4a4009f 100644 --- a/etc/vivaldi-snapshot.profile +++ b/etc/vivaldi-snapshot.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for vivaldi-snapshot | 1 | # Firejail profile for vivaldi-snapshot |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/vivaldi-snapshot.local | 4 | include vivaldi-snapshot.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/vivaldi-snapshot | 8 | noblacklist ${HOME}/.cache/vivaldi-snapshot |
| 9 | noblacklist ${HOME}/.config/vivaldi-snapshot | 9 | noblacklist ${HOME}/.config/vivaldi-snapshot |
| @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot | |||
| 14 | whitelist ${HOME}/.config/vivaldi-snapshot | 14 | whitelist ${HOME}/.config/vivaldi-snapshot |
| 15 | 15 | ||
| 16 | # Redirect | 16 | # Redirect |
| 17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-stable.profile +++ b/etc/vivaldi-stable.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/vivaldi.profile | 6 | include vivaldi.profile |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 8b37ca40b..96f1bd99d 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for vivaldi | 1 | # Firejail profile for vivaldi |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/vivaldi.local | 4 | include vivaldi.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/vivaldi | 8 | noblacklist ${HOME}/.cache/vivaldi |
| 9 | noblacklist ${HOME}/.config/vivaldi | 9 | noblacklist ${HOME}/.config/vivaldi |
| @@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi | |||
| 17 | ignore nodbus | 17 | ignore nodbus |
| 18 | 18 | ||
| 19 | # Redirect | 19 | # Redirect |
| 20 | include /etc/firejail/chromium-common.profile | 20 | include chromium-common.profile |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 594a5944b..d9e8dc338 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Multimedia player and streamer | 2 | # Description: Multimedia player and streamer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/vlc.local | 5 | include vlc.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/vlc | 9 | noblacklist ${HOME}/.cache/vlc |
| 10 | noblacklist ${HOME}/.config/vlc | 10 | noblacklist ${HOME}/.config/vlc |
| @@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc | |||
| 12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
| 13 | noblacklist ${VIDEOS} | 13 | noblacklist ${VIDEOS} |
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access | 24 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access |
| 25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/vym.profile b/etc/vym.profile index bb044069d..a7b86e355 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Mindmapping tool | 2 | # Description: Mindmapping tool |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/vym.local | 5 | include vym.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/InSilmaril | 9 | noblacklist ${HOME}/.config/InSilmaril |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/w3m.profile b/etc/w3m.profile index 858b30a5f..af39afd89 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: WWW browsable pager with excellent tables/frames support | 2 | # Description: WWW browsable pager with excellent tables/frames support |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/w3m.local | 5 | include w3m.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.w3m | 11 | noblacklist ${HOME}/.w3m |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 632a56074..a5f1f27b2 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: 3D real time strategy game | 2 | # Description: 3D real time strategy game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/warzone2100.local | 5 | include warzone2100.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.warzone2100-3.* | 9 | noblacklist ${HOME}/.warzone2100-3.* |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | # mkdir ${HOME}/.warzone2100-3.1 | 17 | # mkdir ${HOME}/.warzone2100-3.1 |
| 18 | # mkdir ${HOME}/.warzone2100-3.2 | 18 | # mkdir ${HOME}/.warzone2100-3.2 |
| 19 | whitelist ${HOME}/.warzone2100-3.1 | 19 | whitelist ${HOME}/.warzone2100-3.1 |
| 20 | whitelist ${HOME}/.warzone2100-3.2 | 20 | whitelist ${HOME}/.warzone2100-3.2 |
| 21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index fdd299bbf..3dc21958d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for waterfox | 1 | # Firejail profile for waterfox |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/waterfox.local | 4 | include waterfox.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
| 9 | noblacklist ${HOME}/.cache/waterfox | 9 | noblacklist ${HOME}/.cache/waterfox |
| @@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox | |||
| 25 | #private-etc waterfox | 25 | #private-etc waterfox |
| 26 | 26 | ||
| 27 | # Redirect | 27 | # Redirect |
| 28 | include /etc/firejail/firefox-common.profile | 28 | include firefox-common.profile |
diff --git a/etc/webstorm.profile b/etc/webstorm.profile index 1a77fd833..ef582808b 100644 --- a/etc/webstorm.profile +++ b/etc/webstorm.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for WebStorm | 1 | # Firejail profile for WebStorm |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/webstorm.local | 4 | include webstorm.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.WebStorm* | 8 | noblacklist ${HOME}/.WebStorm* |
| 9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
| @@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling | |||
| 17 | noblacklist ${PATH}/node | 17 | noblacklist ${PATH}/node |
| 18 | noblacklist ${HOME}/.nvm | 18 | noblacklist ${HOME}/.nvm |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
| 24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
| 25 | 25 | ||
| 26 | caps.drop all | 26 | caps.drop all |
| 27 | netfilter | 27 | netfilter |
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile index 0da7d45d6..4e9d6826c 100644 --- a/etc/weechat-curses.profile +++ b/etc/weechat-curses.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/weechat.profile | 6 | include weechat.profile |
diff --git a/etc/weechat.profile b/etc/weechat.profile index 213271367..99b34048f 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
| @@ -2,14 +2,14 @@ | |||
| 2 | # Description: Fast, light and extensible chat client | 2 | # Description: Fast, light and extensible chat client |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/weechat.local | 5 | include weechat.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.weechat | 9 | noblacklist ${HOME}/.weechat |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | 13 | ||
| 14 | caps.drop all | 14 | caps.drop all |
| 15 | netfilter | 15 | netfilter |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 215d2e72d..1261ea2c2 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Fantasy turn-based strategy game | 2 | # Description: Fantasy turn-based strategy game |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/wesnoth.local | 5 | include wesnoth.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/wesnoth | 9 | noblacklist ${HOME}/.cache/wesnoth |
| 10 | noblacklist ${HOME}/.config/wesnoth | 10 | noblacklist ${HOME}/.config/wesnoth |
| 11 | noblacklist ${HOME}/.local/share/wesnoth | 11 | noblacklist ${HOME}/.local/share/wesnoth |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | mkdir ${HOME}/.cache/wesnoth | 19 | mkdir ${HOME}/.cache/wesnoth |
| 20 | mkdir ${HOME}/.config/wesnoth | 20 | mkdir ${HOME}/.config/wesnoth |
| @@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/wesnoth | |||
| 22 | whitelist ${HOME}/.cache/wesnoth | 22 | whitelist ${HOME}/.cache/wesnoth |
| 23 | whitelist ${HOME}/.config/wesnoth | 23 | whitelist ${HOME}/.config/wesnoth |
| 24 | whitelist ${HOME}/.local/share/wesnoth | 24 | whitelist ${HOME}/.local/share/wesnoth |
| 25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
| 26 | 26 | ||
| 27 | caps.drop all | 27 | caps.drop all |
| 28 | nodvd | 28 | nodvd |
diff --git a/etc/wget.profile b/etc/wget.profile index abe2436d7..9ecae527e 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
| @@ -3,19 +3,19 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/wget.local | 6 | include wget.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | noblacklist ${HOME}/.wgetrc | 12 | noblacklist ${HOME}/.wgetrc |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 92ee288dc..38ec5d85d 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | # Local customizations come here | 1 | # Local customizations come here |
| 2 | include /etc/firejail/whitelist-common.local | 2 | include whitelist-common.local |
| 3 | 3 | ||
| 4 | # common whitelist for all profiles | 4 | # common whitelist for all profiles |
| 5 | 5 | ||
diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc index 024995f20..e2210057b 100644 --- a/etc/whitelist-var-common.inc +++ b/etc/whitelist-var-common.inc | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | # Local customizations come here | 1 | # Local customizations come here |
| 2 | include /etc/firejail/whitelist-var-common.local | 2 | include whitelist-var-common.local |
| 3 | 3 | ||
| 4 | # common /var whitelist for all profiles | 4 | # common /var whitelist for all profiles |
| 5 | 5 | ||
diff --git a/etc/whois.profile b/etc/whois.profile index 3ef2e1476..ee95dda39 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
| @@ -2,18 +2,18 @@ quiet | |||
| 2 | # Firejail profile for whois | 2 | # Firejail profile for whois |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/whois.local | 5 | include whois.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
| 11 | # include /etc/firejail/disable-interpreters.inc | 11 | # include disable-interpreters.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | #include /etc/firejail/disable-xdg.inc | 14 | #include disable-xdg.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | # ipc-namespace | 19 | # ipc-namespace |
diff --git a/etc/wine.profile b/etc/wine.profile index 88cdd2ffc..34c695cf1 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: A compatibility layer for running Windows programs | 2 | # Description: A compatibility layer for running Windows programs |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/wine.local | 5 | include wine.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
| 10 | noblacklist ${HOME}/.local/share/Steam | 10 | noblacklist ${HOME}/.local/share/Steam |
| @@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine | |||
| 14 | # with >=llvm-4 mesa drivers need llvm stuff | 14 | # with >=llvm-4 mesa drivers need llvm stuff |
| 15 | noblacklist /usr/lib/llvm* | 15 | noblacklist /usr/lib/llvm* |
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 64d2cefd5..e6c77ae15 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
| @@ -1,23 +1,23 @@ | |||
| 1 | # Firejail profile for wire-desktop | 1 | # Firejail profile for wire-desktop |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/wire-desktop.local | 4 | include wire-desktop.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/Wire | 8 | noblacklist ${HOME}/.config/Wire |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
| 15 | 15 | ||
| 16 | mkdir ${HOME}/.config/Wire | 16 | mkdir ${HOME}/.config/Wire |
| 17 | whitelist ${HOME}/.config/Wire | 17 | whitelist ${HOME}/.config/Wire |
| 18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-gtk.profile +++ b/etc/wireshark-gtk.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/wireshark.profile | 7 | include wireshark.profile |
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-qt.profile +++ b/etc/wireshark-qt.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/wireshark.profile | 7 | include wireshark.profile |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 330f0140e..cbfe9af48 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Network traffic analyzer | 2 | # Description: Network traffic analyzer |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/wireshark.local | 5 | include wireshark.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/wireshark | 9 | noblacklist ${HOME}/.config/wireshark |
| 10 | noblacklist ${HOME}/.wireshark | 10 | noblacklist ${HOME}/.wireshark |
| @@ -16,14 +16,14 @@ noblacklist /usr/lib/lua | |||
| 16 | noblacklist /usr/include/lua* | 16 | noblacklist /usr/include/lua* |
| 17 | noblacklist /usr/share/lua | 17 | noblacklist /usr/share/lua |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | apparmor | 28 | apparmor |
| 29 | # caps.drop all | 29 | # caps.drop all |
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index ac8f0fe2a..497a8b87c 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for x-terminal-emulator | 1 | # Firejail profile for x-terminal-emulator |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/x-terminal-emulator.local | 4 | include x-terminal-emulator.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | caps.drop all | 8 | caps.drop all |
| 9 | ipc-namespace | 9 | ipc-namespace |
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index dd7c66523..038e006d0 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
| @@ -1,18 +1,18 @@ | |||
| 1 | # Firejail profile for xcalc | 1 | # Firejail profile for xcalc |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xcalc.local | 4 | include xcalc.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | 10 | include disable-interpreters.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
| 13 | include /etc/firejail/disable-xdg.inc | 13 | include disable-xdg.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | net none | 18 | net none |
diff --git a/etc/xchat.profile b/etc/xchat.profile index af6da1ac5..a94444aab 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
| @@ -2,15 +2,15 @@ | |||
| 2 | # Description: IRC client for X similar to AmIRC | 2 | # Description: IRC client for X similar to AmIRC |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xchat.local | 5 | include xchat.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/xchat | 9 | noblacklist ${HOME}/.config/xchat |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | caps.drop all | 15 | caps.drop all |
| 16 | nodvd | 16 | nodvd |
diff --git a/etc/xed.profile b/etc/xed.profile index f65b52658..b949f4549 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for xed | 1 | # Firejail profile for xed |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xed.local | 4 | include xed.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/xed | 8 | noblacklist ${HOME}/.config/xed |
| 9 | 9 | ||
| @@ -13,13 +13,13 @@ noblacklist ${PATH}/python3* | |||
| 13 | noblacklist /usr/lib/python2* | 13 | noblacklist /usr/lib/python2* |
| 14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
| 19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
| 23 | 23 | ||
| 24 | # apparmor - makes settings immutable | 24 | # apparmor - makes settings immutable |
| 25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 207e62232..3dc525755 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: CD-burner application for Xfce Desktop Environment | 2 | # Description: CD-burner application for Xfce Desktop Environment |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xfburn.local | 5 | include xfburn.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/xfburn | 9 | noblacklist ${HOME}/.config/xfburn |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index e84c78b24..104249be4 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile | |||
| @@ -2,17 +2,17 @@ | |||
| 2 | # Description: Dictionary plugin for Xfce4 panel | 2 | # Description: Dictionary plugin for Xfce4 panel |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xfce4-dict.local | 5 | include xfce4-dict.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/xfce4-dict | 9 | noblacklist ${HOME}/.config/xfce4-dict |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | netfilter |
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 99aeebb7f..73e7d0625 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: Notes application for the Xfce4 desktop | 2 | # Description: Notes application for the Xfce4 desktop |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xfce4-notes.local | 5 | include xfce4-notes.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
| 10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
| 11 | noblacklist ${HOME}/.local/share/notes | 11 | noblacklist ${HOME}/.local/share/notes |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | netfilter | 20 | netfilter |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 703579562..4cdf39af3 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
| @@ -2,24 +2,24 @@ | |||
| 2 | # Description: Environment for Bible reading, study, and research | 2 | # Description: Environment for Bible reading, study, and research |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xiphos.local | 5 | include xiphos.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.sword | 11 | noblacklist ${HOME}/.sword |
| 12 | noblacklist ${HOME}/.xiphos | 12 | noblacklist ${HOME}/.xiphos |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | whitelist ${HOME}/.sword | 20 | whitelist ${HOME}/.sword |
| 21 | whitelist ${HOME}/.xiphos | 21 | whitelist ${HOME}/.xiphos |
| 22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
| 23 | 23 | ||
| 24 | caps.drop all | 24 | caps.drop all |
| 25 | netfilter | 25 | netfilter |
diff --git a/etc/xmms.profile b/etc/xmms.profile index d016e0c23..e6fe72e94 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile | |||
| @@ -1,19 +1,19 @@ | |||
| 1 | # Firejail profile for xmms | 1 | # Firejail profile for xmms |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xmms.local | 4 | include xmms.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.xmms | 8 | noblacklist ${HOME}/.xmms |
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 7a445f6a5..df4252578 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for xmr-stak | 1 | # Firejail profile for xmr-stak |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xmr-stak.local | 4 | include xmr-stak.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.xmr-stak | 8 | noblacklist ${HOME}/.xmr-stak |
| 9 | noblacklist /usr/lib/llvm* | 9 | noblacklist /usr/lib/llvm* |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
| 17 | 17 | ||
| 18 | mkdir ${HOME}/.xmr-stak | 18 | mkdir ${HOME}/.xmr-stak |
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-glx.profile +++ b/etc/xonotic-glx.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/xonotic.profile | 6 | include xonotic.profile |
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-sdl.profile +++ b/etc/xonotic-sdl.profile | |||
| @@ -3,4 +3,4 @@ | |||
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | # Redirect | 5 | # Redirect |
| 6 | include /etc/firejail/xonotic.profile | 6 | include xonotic.profile |
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index a7e8edc0f..4987d9ba7 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
| @@ -2,22 +2,22 @@ | |||
| 2 | # Description: A free, fast-paced crossplatform first-person shooter | 2 | # Description: A free, fast-paced crossplatform first-person shooter |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xonotic.local | 5 | include xonotic.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.xonotic | 9 | noblacklist ${HOME}/.xonotic |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | mkdir ${HOME}/.xonotic | 17 | mkdir ${HOME}/.xonotic |
| 18 | whitelist ${HOME}/.xonotic | 18 | whitelist ${HOME}/.xonotic |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 21 | 21 | ||
| 22 | caps.drop all | 22 | caps.drop all |
| 23 | netfilter | 23 | netfilter |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index c12a3437c..ec76060fa 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
| @@ -2,21 +2,21 @@ | |||
| 2 | # Description: Portable Document Format (PDF) reader | 2 | # Description: Portable Document Format (PDF) reader |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xpdf.local | 5 | include xpdf.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.xpdfrc | 9 | noblacklist ${HOME}/.xpdfrc |
| 10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | machine-id | 22 | machine-id |
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile index a422b9989..78252c134 100644 --- a/etc/xplayer-audio-preview.profile +++ b/etc/xplayer-audio-preview.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for xplayer-audio-preview | 1 | # Firejail profile for xplayer-audio-preview |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xplayer-audio-preview.local | 4 | include xplayer-audio-preview.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile index 1ec5250bf..ac8986c69 100644 --- a/etc/xplayer-video-thumbnailer.profile +++ b/etc/xplayer-video-thumbnailer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for xplayer-video-thumbnailer | 1 | # Firejail profile for xplayer-video-thumbnailer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xplayer-video-thumbnailer.local | 4 | include xplayer-video-thumbnailer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index f51362b6b..8d4dcf1e3 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for xplayer | 1 | # Firejail profile for xplayer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xplayer.local | 4 | include xplayer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/xplayer | 8 | noblacklist ${HOME}/.config/xplayer |
| 9 | noblacklist ${HOME}/.local/share/xplayer | 9 | noblacklist ${HOME}/.local/share/xplayer |
| @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
| 16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
| 17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
| 22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
| 24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
| 25 | 25 | ||
| 26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
| 27 | 27 | ||
| 28 | # apparmor - makes settings immutable | 28 | # apparmor - makes settings immutable |
| 29 | caps.drop all | 29 | caps.drop all |
diff --git a/etc/xpra.profile b/etc/xpra.profile index 960c493b9..241b64497 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Tool to detach/reattach running X programs | 2 | # Description: Tool to detach/reattach running X programs |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xpra.local | 5 | include xpra.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # | 9 | # |
| 10 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. | 10 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. |
| @@ -22,11 +22,11 @@ noblacklist ${PATH}/python3* | |||
| 22 | noblacklist /usr/lib/python2* | 22 | noblacklist /usr/lib/python2* |
| 23 | noblacklist /usr/lib/python3* | 23 | noblacklist /usr/lib/python3* |
| 24 | 24 | ||
| 25 | include /etc/firejail/disable-common.inc | 25 | include disable-common.inc |
| 26 | include /etc/firejail/disable-devel.inc | 26 | include disable-devel.inc |
| 27 | include /etc/firejail/disable-interpreters.inc | 27 | include disable-interpreters.inc |
| 28 | include /etc/firejail/disable-passwdmgr.inc | 28 | include disable-passwdmgr.inc |
| 29 | include /etc/firejail/disable-programs.inc | 29 | include disable-programs.inc |
| 30 | 30 | ||
| 31 | whitelist /var/lib/xkb | 31 | whitelist /var/lib/xkb |
| 32 | # whitelisting home directory, or including whitelist-common.inc | 32 | # whitelisting home directory, or including whitelist-common.inc |
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile index 4c42c147c..2d7e7644c 100644 --- a/etc/xreader-previewer.profile +++ b/etc/xreader-previewer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for xreader-previewer | 1 | # Firejail profile for xreader-previewer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xreader-previewer.local | 4 | include xreader-previewer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile index bc0bcbb67..d463787e6 100644 --- a/etc/xreader-thumbnailer.profile +++ b/etc/xreader-thumbnailer.profile | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # Firejail profile for xreader-thumbnailer | 1 | # Firejail profile for xreader-thumbnailer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xreader-thumbnailer.local | 4 | include xreader-thumbnailer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | 8 | ||
| 9 | # Redirect | 9 | # Redirect |
| 10 | include /etc/firejail/xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 25e790fe0..6120ac19b 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
| @@ -2,23 +2,23 @@ | |||
| 2 | # Description: Document viewer for files like PDF and Postscript. X-Apps Project. | 2 | # Description: Document viewer for files like PDF and Postscript. X-Apps Project. |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xreader.local | 5 | include xreader.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/xreader | 9 | noblacklist ${HOME}/.cache/xreader |
| 10 | noblacklist ${HOME}/.config/xreader | 10 | noblacklist ${HOME}/.config/xreader |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | # Breaks xreader on Mint 18.3 | 20 | # Breaks xreader on Mint 18.3 |
| 21 | # include /etc/firejail/whitelist-var-common.inc | 21 | # include whitelist-var-common.inc |
| 22 | 22 | ||
| 23 | # apparmor | 23 | # apparmor |
| 24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 7ecc1ca0b..2ead137d4 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
| @@ -1,22 +1,22 @@ | |||
| 1 | # Firejail profile for xviewer | 1 | # Firejail profile for xviewer |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/xviewer.local | 4 | include xviewer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.Steam | 8 | noblacklist ${HOME}/.Steam |
| 9 | noblacklist ${HOME}/.config/xviewer | 9 | noblacklist ${HOME}/.config/xviewer |
| 10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
| 11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | 18 | ||
| 19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 20 | 20 | ||
| 21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
| 22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/xxd.profile b/etc/xxd.profile index baee905b7..f5072da75 100644 --- a/etc/xxd.profile +++ b/etc/xxd.profile | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | # Description: Tool to make (or reverse) a hex dump | 2 | # Description: Tool to make (or reverse) a hex dump |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/xxd.local | 5 | include xxd.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | 9 | ||
| 10 | # Redirect | 10 | # Redirect |
| 11 | include /etc/firejail/vim.profile | 11 | include vim.profile |
diff --git a/etc/xz.profile b/etc/xz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xz.profile +++ b/etc/xz.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzcat.profile b/etc/xzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcat.profile +++ b/etc/xzcat.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcmp.profile +++ b/etc/xzcmp.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 796c1d642..85d84f215 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
| @@ -3,10 +3,10 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/xzdec.local | 6 | include xzdec.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | # added by included default.profile | 8 | # added by included default.profile |
| 9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
| 10 | 10 | ||
| 11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
| 12 | 12 | ||
| @@ -23,4 +23,4 @@ tracelog | |||
| 23 | 23 | ||
| 24 | private-dev | 24 | private-dev |
| 25 | 25 | ||
| 26 | include /etc/firejail/default.profile | 26 | include default.profile |
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzdiff.profile +++ b/etc/xzdiff.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzegrep.profile +++ b/etc/xzegrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzfgrep.profile +++ b/etc/xzfgrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzgrep.profile +++ b/etc/xzgrep.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzless.profile b/etc/xzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzless.profile +++ b/etc/xzless.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzmore.profile b/etc/xzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzmore.profile +++ b/etc/xzmore.profile | |||
| @@ -4,4 +4,4 @@ | |||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | # Redirect | 6 | # Redirect |
| 7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile index fdb7694a5..680bef677 100644 --- a/etc/yandex-browser.profile +++ b/etc/yandex-browser.profile | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # Firejail profile for yandex-browser | 1 | # Firejail profile for yandex-browser |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/yandex-browser.local | 4 | include yandex-browser.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.cache/yandex-browser | 8 | noblacklist ${HOME}/.cache/yandex-browser |
| 9 | noblacklist ${HOME}/.cache/yandex-browser-beta | 9 | noblacklist ${HOME}/.cache/yandex-browser-beta |
| @@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser | |||
| 20 | whitelist ${HOME}/.config/yandex-browser-beta | 20 | whitelist ${HOME}/.config/yandex-browser-beta |
| 21 | 21 | ||
| 22 | # Redirect | 22 | # Redirect |
| 23 | include /etc/firejail/chromium-common.profile | 23 | include chromium-common.profile |
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 75d4514b6..4eb5349b0 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
| @@ -3,9 +3,9 @@ | |||
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | quiet | 4 | quiet |
| 5 | # Persistent local customizations | 5 | # Persistent local customizations |
| 6 | include /etc/firejail/youtube-dl.local | 6 | include youtube-dl.local |
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include /etc/firejail/globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
| 11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
| @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
| 17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
| 18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
| 23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
| 24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
| 25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
| 26 | 26 | ||
| 27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
| 28 | 28 | ||
| 29 | caps.drop all | 29 | caps.drop all |
| 30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 872719ebc..daa0d9e52 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile | |||
| @@ -2,9 +2,9 @@ | |||
| 2 | # Description: Integrated penetration testing tool for finding vulnerabilities in web applications | 2 | # Description: Integrated penetration testing tool for finding vulnerabilities in web applications |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/zaproxy.local | 5 | include zaproxy.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 10 | noblacklist ${HOME}/.ZAP | 10 | noblacklist ${HOME}/.ZAP |
| @@ -15,17 +15,17 @@ noblacklist /usr/lib/java | |||
| 15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
| 16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
| 21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
| 23 | 23 | ||
| 24 | mkdir ${HOME}/.ZAP | 24 | mkdir ${HOME}/.ZAP |
| 25 | whitelist ${HOME}/.java | 25 | whitelist ${HOME}/.java |
| 26 | whitelist ${HOME}/.ZAP | 26 | whitelist ${HOME}/.ZAP |
| 27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
| 28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
| 29 | 29 | ||
| 30 | caps.drop all | 30 | caps.drop all |
| 31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/zart.profile b/etc/zart.profile index a4b22ed5d..eb9e4d671 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
| @@ -2,19 +2,19 @@ | |||
| 2 | # Description: A GUI for G'MIC real-time manipulations on the output of a webcam | 2 | # Description: A GUI for G'MIC real-time manipulations on the output of a webcam |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/zart.local | 5 | include zart.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
| 10 | noblacklist ${PICTURES} | 10 | noblacklist ${PICTURES} |
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
| 17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
| 18 | 18 | ||
| 19 | caps.drop all | 19 | caps.drop all |
| 20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/zathura.profile b/etc/zathura.profile index c1785e332..6f86310d7 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
| @@ -2,20 +2,20 @@ | |||
| 2 | # Description: Document viewer with a minimalistic interface | 2 | # Description: Document viewer with a minimalistic interface |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/zathura.local | 5 | include zathura.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/zathura | 9 | noblacklist ${HOME}/.config/zathura |
| 10 | noblacklist ${HOME}/.local/share/zathura | 10 | noblacklist ${HOME}/.local/share/zathura |
| 11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
| 18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | machine-id | 21 | machine-id |
diff --git a/etc/zoom.profile b/etc/zoom.profile index 419c25f18..4fbf7ca01 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
| @@ -1,21 +1,21 @@ | |||
| 1 | # Firejail profile for zoom | 1 | # Firejail profile for zoom |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/zoom.local | 4 | include zoom.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/zoomus.conf | 8 | noblacklist ${HOME}/.config/zoomus.conf |
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
| 14 | 14 | ||
| 15 | mkdir ${HOME}/.zoom | 15 | mkdir ${HOME}/.zoom |
| 16 | whitelist ${HOME}/.cache/zoom | 16 | whitelist ${HOME}/.cache/zoom |
| 17 | whitelist ${HOME}/.zoom | 17 | whitelist ${HOME}/.zoom |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | netfilter | 21 | netfilter |