diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-03-29 09:03:19 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-03-29 09:03:19 -0400 |
| commit | 8e66c46ea814b2f3ca48008c3db5904567ba7609 (patch) | |
| tree | f9d41af436e4176cfb2ef5ca56329236e1748517 | |
| parent | blacklist nemo config (file manager for Cinnamon) (diff) | |
| download | firejail-8e66c46ea814b2f3ca48008c3db5904567ba7609.tar.gz firejail-8e66c46ea814b2f3ca48008c3db5904567ba7609.tar.zst firejail-8e66c46ea814b2f3ca48008c3db5904567ba7609.zip | |
bringing back ~/.cache in all profiles
45 files changed, 153 insertions, 0 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index d4f06f732..a6a763ae0 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
| @@ -3,6 +3,7 @@ | |||
| 3 | include /etc/firejail/0ad.local | 3 | include /etc/firejail/0ad.local |
| 4 | 4 | ||
| 5 | # Firejail profile for 0ad. | 5 | # Firejail profile for 0ad. |
| 6 | noblacklist ~/.cache/0ad | ||
| 6 | noblacklist ~/.config/0ad | 7 | noblacklist ~/.config/0ad |
| 7 | noblacklist ~/.local/share/0ad | 8 | noblacklist ~/.local/share/0ad |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -17,6 +18,9 @@ whitelist ~/.config/0ad | |||
| 17 | mkdir ~/.local/share/0ad | 18 | mkdir ~/.local/share/0ad |
| 18 | whitelist ~/.local/share/0ad | 19 | whitelist ~/.local/share/0ad |
| 19 | 20 | ||
| 21 | mkdir ~/.cache/0ad | ||
| 22 | whitelist ~/.cache/0ad | ||
| 23 | |||
| 20 | caps.drop all | 24 | caps.drop all |
| 21 | netfilter | 25 | netfilter |
| 22 | nogroups | 26 | nogroups |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 3b60750d5..b9a30d6bf 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/abrowser.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Abrowser | 5 | # Firejail profile for Abrowser |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | noblacklist ~/.lastpass | 9 | noblacklist ~/.lastpass |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -21,6 +22,8 @@ tracelog | |||
| 21 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.mozilla | 23 | mkdir ~/.mozilla |
| 23 | whitelist ~/.mozilla | 24 | whitelist ~/.mozilla |
| 25 | mkdir ~/.cache/mozilla/abrowser | ||
| 26 | whitelist ~/.cache/mozilla/abrowser | ||
| 24 | whitelist ~/dwhelper | 27 | whitelist ~/dwhelper |
| 25 | whitelist ~/.zotero | 28 | whitelist ~/.zotero |
| 26 | whitelist ~/.vimperatorrc | 29 | whitelist ~/.vimperatorrc |
| @@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc | |||
| 29 | whitelist ~/.pentadactyl | 32 | whitelist ~/.pentadactyl |
| 30 | whitelist ~/.keysnail.js | 33 | whitelist ~/.keysnail.js |
| 31 | whitelist ~/.config/gnome-mplayer | 34 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 32 | whitelist ~/.pki | 36 | whitelist ~/.pki |
| 33 | whitelist ~/.lastpass | 37 | whitelist ~/.lastpass |
| 34 | 38 | ||
diff --git a/etc/chromium.profile b/etc/chromium.profile index ce823e0db..995c0001b 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/chromium.local | |||
| 4 | 4 | ||
| 5 | # Chromium browser profile | 5 | # Chromium browser profile |
| 6 | noblacklist ~/.config/chromium | 6 | noblacklist ~/.config/chromium |
| 7 | noblacklist ~/.cache/chromium | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -17,6 +18,8 @@ netfilter | |||
| 17 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 18 | mkdir ~/.config/chromium | 19 | mkdir ~/.config/chromium |
| 19 | whitelist ~/.config/chromium | 20 | whitelist ~/.config/chromium |
| 21 | mkdir ~/.cache/chromium | ||
| 22 | whitelist ~/.cache/chromium | ||
| 20 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 24 | whitelist ~/.pki |
| 22 | 25 | ||
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index d9896e4a7..a79303f77 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/cyberfox.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Cyberfox (based on Mozilla Firefox) | 5 | # Firejail profile for Cyberfox (based on Mozilla Firefox) |
| 6 | noblacklist ~/.8pecxstudios | 6 | noblacklist ~/.8pecxstudios |
| 7 | noblacklist ~/.cache/8pecxstudios | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | noblacklist ~/.lastpass | 9 | noblacklist ~/.lastpass |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -21,6 +22,8 @@ tracelog | |||
| 21 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.8pecxstudios | 23 | mkdir ~/.8pecxstudios |
| 23 | whitelist ~/.8pecxstudios | 24 | whitelist ~/.8pecxstudios |
| 25 | mkdir ~/.cache/8pecxstudios | ||
| 26 | whitelist ~/.cache/8pecxstudios | ||
| 24 | whitelist ~/dwhelper | 27 | whitelist ~/dwhelper |
| 25 | whitelist ~/.zotero | 28 | whitelist ~/.zotero |
| 26 | whitelist ~/.vimperatorrc | 29 | whitelist ~/.vimperatorrc |
| @@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc | |||
| 29 | whitelist ~/.pentadactyl | 32 | whitelist ~/.pentadactyl |
| 30 | whitelist ~/.keysnail.js | 33 | whitelist ~/.keysnail.js |
| 31 | whitelist ~/.config/gnome-mplayer | 34 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 32 | whitelist ~/.pki | 36 | whitelist ~/.pki |
| 33 | whitelist ~/.lastpass | 37 | whitelist ~/.lastpass |
| 34 | 38 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 946a170ac..c31b92d1f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -261,3 +261,43 @@ blacklist ${HOME}/.xpdfrc | |||
| 261 | blacklist ${HOME}/.zoom | 261 | blacklist ${HOME}/.zoom |
| 262 | blacklist ${HOME}/wallet.dat | 262 | blacklist ${HOME}/wallet.dat |
| 263 | blacklist /tmp/ssh-* | 263 | blacklist /tmp/ssh-* |
| 264 | |||
| 265 | # ~/.cache directory | ||
| 266 | blacklist ${HOME}/.cache/0ad | ||
| 267 | blacklist ${HOME}/.cache/8pecxstudios | ||
| 268 | blacklist ${HOME}/.cache/Franz | ||
| 269 | blacklist ${HOME}/.cache/INRIA | ||
| 270 | blacklist ${HOME}/.cache/QuiteRss | ||
| 271 | blacklist ${HOME}/.cache/champlain | ||
| 272 | blacklist ${HOME}/.cache/chromium | ||
| 273 | blacklist ${HOME}/.cache/qupzilla | ||
| 274 | blacklist ${HOME}/.cache/chromium-dev | ||
| 275 | blacklist ${HOME}/.cache/darktable | ||
| 276 | blacklist ${HOME}/.cache/epiphany | ||
| 277 | blacklist ${HOME}/.cache/evolution | ||
| 278 | blacklist ${HOME}/.cache/gajim | ||
| 279 | blacklist ${HOME}/.cache/geeqie | ||
| 280 | blacklist ${HOME}/.cache/google-chrome | ||
| 281 | blacklist ${HOME}/.cache/google-chrome-beta | ||
| 282 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
| 283 | blacklist ${HOME}/.cache/icedove | ||
| 284 | blacklist ${HOME}/.cache/inox | ||
| 285 | blacklist ${HOME}/.cache/libgweather | ||
| 286 | blacklist ${HOME}/.cache/midori | ||
| 287 | blacklist ${HOME}/.cache/mozilla | ||
| 288 | blacklist ${HOME}/.cache/mutt | ||
| 289 | blacklist ${HOME}/.cache/netsurf | ||
| 290 | blacklist ${HOME}/.cache/opera | ||
| 291 | blacklist ${HOME}/.cache/opera-beta | ||
| 292 | blacklist ${HOME}/.cache/org.gnome.Books | ||
| 293 | blacklist ${HOME}/.cache/qutebrowser | ||
| 294 | blacklist ${HOME}/.cache/simple-scan | ||
| 295 | blacklist ${HOME}/.cache/slimjet | ||
| 296 | blacklist ${HOME}/.cache/spotify | ||
| 297 | blacklist ${HOME}/.cache/telepathy | ||
| 298 | blacklist ${HOME}/.cache/thunderbird | ||
| 299 | blacklist ${HOME}/.cache/torbrowser | ||
| 300 | blacklist ${HOME}/.cache/transmission | ||
| 301 | blacklist ${HOME}/.cache/vivaldi | ||
| 302 | blacklist ${HOME}/.cache/wesnoth | ||
| 303 | blacklist ${HOME}/.cache/xreader | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 0b281c448..a80c50f56 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/epiphany.local | |||
| 5 | # Epiphany browser profile | 5 | # Epiphany browser profile |
| 6 | noblacklist ${HOME}/.config/epiphany | 6 | noblacklist ${HOME}/.config/epiphany |
| 7 | noblacklist ${HOME}/.local/share/epiphany | 7 | noblacklist ${HOME}/.local/share/epiphany |
| 8 | noblacklist ${HOME}/.cache/epiphany | ||
| 8 | 9 | ||
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| @@ -15,6 +16,8 @@ mkdir ${HOME}/.local/share/epiphany | |||
| 15 | whitelist ${HOME}/.local/share/epiphany | 16 | whitelist ${HOME}/.local/share/epiphany |
| 16 | mkdir ${HOME}/.config/epiphany | 17 | mkdir ${HOME}/.config/epiphany |
| 17 | whitelist ${HOME}/.config/epiphany | 18 | whitelist ${HOME}/.config/epiphany |
| 19 | mkdir ${HOME}/.cache/epiphany | ||
| 20 | whitelist ${HOME}/.cache/epiphany | ||
| 18 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
| 19 | 22 | ||
| 20 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/evolution.profile b/etc/evolution.profile index 637ac334a..cb6615716 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/evolution.local | |||
| 5 | # evolution profile | 5 | # evolution profile |
| 6 | noblacklist ~/.config/evolution | 6 | noblacklist ~/.config/evolution |
| 7 | noblacklist ~/.local/share/evolution | 7 | noblacklist ~/.local/share/evolution |
| 8 | noblacklist ~/.cache/evolution | ||
| 8 | noblacklist ~/.pki | 9 | noblacklist ~/.pki |
| 9 | noblacklist ~/.pki/nssdb | 10 | noblacklist ~/.pki/nssdb |
| 10 | noblacklist ~/.gnupg | 11 | noblacklist ~/.gnupg |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 20acde62a..3b55d4700 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/firefox.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 7 | noblacklist ~/.config/qpdfview | 8 | noblacklist ~/.config/qpdfview |
| 8 | noblacklist ~/.local/share/qpdfview | 9 | noblacklist ~/.local/share/qpdfview |
| 9 | noblacklist ~/.kde/share/apps/okular | 10 | noblacklist ~/.kde/share/apps/okular |
| @@ -24,6 +25,8 @@ tracelog | |||
| 24 | whitelist ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
| 25 | mkdir ~/.mozilla | 26 | mkdir ~/.mozilla |
| 26 | whitelist ~/.mozilla | 27 | whitelist ~/.mozilla |
| 28 | mkdir ~/.cache/mozilla/firefox | ||
| 29 | whitelist ~/.cache/mozilla/firefox | ||
| 27 | whitelist ~/dwhelper | 30 | whitelist ~/dwhelper |
| 28 | whitelist ~/.zotero | 31 | whitelist ~/.zotero |
| 29 | whitelist ~/.vimperatorrc | 32 | whitelist ~/.vimperatorrc |
| @@ -32,6 +35,7 @@ whitelist ~/.pentadactylrc | |||
| 32 | whitelist ~/.pentadactyl | 35 | whitelist ~/.pentadactyl |
| 33 | whitelist ~/.keysnail.js | 36 | whitelist ~/.keysnail.js |
| 34 | whitelist ~/.config/gnome-mplayer | 37 | whitelist ~/.config/gnome-mplayer |
| 38 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 35 | mkdir ~/.pki | 39 | mkdir ~/.pki |
| 36 | whitelist ~/.pki | 40 | whitelist ~/.pki |
| 37 | whitelist ~/.lastpass | 41 | whitelist ~/.lastpass |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index a35aa7a33..4dc5b5cfc 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
| @@ -10,6 +10,7 @@ include /etc/firejail/flashpeak-slimjet.local | |||
| 10 | # firejail flashpeak-slimjet --no-sandbox | 10 | # firejail flashpeak-slimjet --no-sandbox |
| 11 | # | 11 | # |
| 12 | noblacklist ~/.config/slimjet | 12 | noblacklist ~/.config/slimjet |
| 13 | noblacklist ~/.cache/slimjet | ||
| 13 | noblacklist ~/.pki | 14 | noblacklist ~/.pki |
| 14 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| @@ -28,6 +29,8 @@ seccomp | |||
| 28 | whitelist ${DOWNLOADS} | 29 | whitelist ${DOWNLOADS} |
| 29 | mkdir ~/.config/slimjet | 30 | mkdir ~/.config/slimjet |
| 30 | whitelist ~/.config/slimjet | 31 | whitelist ~/.config/slimjet |
| 32 | mkdir ~/.cache/slimjet | ||
| 33 | whitelist ~/.cache/slimjet | ||
| 31 | mkdir ~/.pki | 34 | mkdir ~/.pki |
| 32 | whitelist ~/.pki | 35 | whitelist ~/.pki |
| 33 | 36 | ||
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index a33514c88..3caaad71c 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
| @@ -12,5 +12,8 @@ noblacklist ~/.fossamail | |||
| 12 | mkdir ~/.fossamail | 12 | mkdir ~/.fossamail |
| 13 | whitelist ~/.fossamail | 13 | whitelist ~/.fossamail |
| 14 | 14 | ||
| 15 | noblacklist ~/.cache/fossamail | ||
| 16 | mkdir ~/.cache/fossamail | ||
| 17 | whitelist ~/.cache/fossamail | ||
| 15 | 18 | ||
| 16 | include /etc/firejail/firefox.profile | 19 | include /etc/firejail/firefox.profile |
diff --git a/etc/franz.profile b/etc/franz.profile index 1692f4516..05ff72a47 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/franz.local | |||
| 4 | 4 | ||
| 5 | # Franz profile | 5 | # Franz profile |
| 6 | noblacklist ~/.config/Franz | 6 | noblacklist ~/.config/Franz |
| 7 | noblacklist ~/.cache/Franz | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -20,6 +21,8 @@ seccomp | |||
| 20 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 21 | mkdir ~/.config/Franz | 22 | mkdir ~/.config/Franz |
| 22 | whitelist ~/.config/Franz | 23 | whitelist ~/.config/Franz |
| 24 | mkdir ~/.cache/Franz | ||
| 25 | whitelist ~/.cache/Franz | ||
| 23 | mkdir ~/.pki | 26 | mkdir ~/.pki |
| 24 | whitelist ~/.pki | 27 | whitelist ~/.pki |
| 25 | 28 | ||
diff --git a/etc/gajim.profile b/etc/gajim.profile index f64d9241a..89bac21d4 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
| @@ -5,7 +5,9 @@ include /etc/firejail/gajim.local | |||
| 5 | # Firejail profile for Gajim | 5 | # Firejail profile for Gajim |
| 6 | noblacklist ${HOME}/.local/share/gajim | 6 | noblacklist ${HOME}/.local/share/gajim |
| 7 | noblacklist ${HOME}/.config/gajim | 7 | noblacklist ${HOME}/.config/gajim |
| 8 | noblacklist ${HOME}/.cache/gajim | ||
| 8 | 9 | ||
| 10 | mkdir ${HOME}/.cache/gajim | ||
| 9 | mkdir ${HOME}/.local/share/gajim | 11 | mkdir ${HOME}/.local/share/gajim |
| 10 | mkdir ${HOME}/.config/gajim | 12 | mkdir ${HOME}/.config/gajim |
| 11 | mkdir ${HOME}/Downloads | 13 | mkdir ${HOME}/Downloads |
| @@ -15,6 +17,7 @@ mkdir ${HOME}/.local/lib/python2.7/site-packages/ | |||
| 15 | whitelist ${HOME}/.local/lib/python2.7/site-packages/ | 17 | whitelist ${HOME}/.local/lib/python2.7/site-packages/ |
| 16 | read-only ${HOME}/.local/lib/python2.7/site-packages/ | 18 | read-only ${HOME}/.local/lib/python2.7/site-packages/ |
| 17 | 19 | ||
| 20 | whitelist ${HOME}/.cache/gajim | ||
| 18 | whitelist ${HOME}/.local/share/gajim | 21 | whitelist ${HOME}/.local/share/gajim |
| 19 | whitelist ${HOME}/.config/gajim | 22 | whitelist ${HOME}/.config/gajim |
| 20 | whitelist ${HOME}/Downloads | 23 | whitelist ${HOME}/Downloads |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 9f79e15b8..cabddc88a 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/geeqie.local | |||
| 5 | # Firejail profile for Geeqie | 5 | # Firejail profile for Geeqie |
| 6 | noblacklist ~/.config/geeqie | 6 | noblacklist ~/.config/geeqie |
| 7 | noblacklist ~/.local/share/geeqie | 7 | noblacklist ~/.local/share/geeqie |
| 8 | noblacklist ~/.cache/geeqie | ||
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gjs.profile b/etc/gjs.profile index 03dd7893c..b61341e7d 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
| @@ -8,6 +8,8 @@ include /etc/firejail/gjs.local | |||
| 8 | 8 | ||
| 9 | noblacklist ~/.config/libreoffice | 9 | noblacklist ~/.config/libreoffice |
| 10 | noblacklist ~/.local/share/gnome-photos | 10 | noblacklist ~/.local/share/gnome-photos |
| 11 | noblacklist ~/.cache/org.gnome.Books | ||
| 12 | noblacklist ~/.cache/libgweather | ||
| 11 | 13 | ||
| 12 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index bf2a9f36f..d7bd5c633 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/gnome-books.local | |||
| 5 | # gnome-books profile | 5 | # gnome-books profile |
| 6 | 6 | ||
| 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 8 | noblacklist ~/.cache/org.gnome.Books | ||
| 8 | 9 | ||
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 3b6bdd130..f1fa1d15f 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/gnome-weather.local | |||
| 5 | # gnome-weather profile | 5 | # gnome-weather profile |
| 6 | 6 | ||
| 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 8 | noblacklist ~/.cache/libgweather | ||
| 8 | 9 | ||
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 65bc42648..3bd16de4a 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/google-chrome-beta.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome beta browser profile | 5 | # Google Chrome beta browser profile |
| 6 | noblacklist ~/.config/google-chrome-beta | 6 | noblacklist ~/.config/google-chrome-beta |
| 7 | noblacklist ~/.cache/google-chrome-beta | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -17,6 +18,8 @@ netfilter | |||
| 17 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 18 | mkdir ~/.config/google-chrome-beta | 19 | mkdir ~/.config/google-chrome-beta |
| 19 | whitelist ~/.config/google-chrome-beta | 20 | whitelist ~/.config/google-chrome-beta |
| 21 | mkdir ~/.cache/google-chrome-beta | ||
| 22 | whitelist ~/.cache/google-chrome-beta | ||
| 20 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 24 | whitelist ~/.pki |
| 22 | include /etc/firejail/whitelist-common.inc | 25 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 6f6fa1bf2..d2def4f96 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/google-chrome-unstable.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome unstable browser profile | 5 | # Google Chrome unstable browser profile |
| 6 | noblacklist ~/.config/google-chrome-unstable | 6 | noblacklist ~/.config/google-chrome-unstable |
| 7 | noblacklist ~/.cache/google-chrome-unstable | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -17,6 +18,8 @@ netfilter | |||
| 17 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 18 | mkdir ~/.config/google-chrome-unstable | 19 | mkdir ~/.config/google-chrome-unstable |
| 19 | whitelist ~/.config/google-chrome-unstable | 20 | whitelist ~/.config/google-chrome-unstable |
| 21 | mkdir ~/.cache/google-chrome-unstable | ||
| 22 | whitelist ~/.cache/google-chrome-unstable | ||
| 20 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 24 | whitelist ~/.pki |
| 22 | include /etc/firejail/whitelist-common.inc | 25 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 131538dd9..38feb12a5 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/google-chrome.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome browser profile | 5 | # Google Chrome browser profile |
| 6 | noblacklist ~/.config/google-chrome | 6 | noblacklist ~/.config/google-chrome |
| 7 | noblacklist ~/.cache/google-chrome | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -17,6 +18,8 @@ netfilter | |||
| 17 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 18 | mkdir ~/.config/google-chrome | 19 | mkdir ~/.config/google-chrome |
| 19 | whitelist ~/.config/google-chrome | 20 | whitelist ~/.config/google-chrome |
| 21 | mkdir ~/.cache/google-chrome | ||
| 22 | whitelist ~/.cache/google-chrome | ||
| 20 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 24 | whitelist ~/.pki |
| 22 | include /etc/firejail/whitelist-common.inc | 25 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/icecat.profile b/etc/icecat.profile index 4bd3f3047..64401efe8 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/icecat.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for GNU Icecat | 5 | # Firejail profile for GNU Icecat |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | noblacklist ~/.lastpass | 9 | noblacklist ~/.lastpass |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -21,6 +22,8 @@ tracelog | |||
| 21 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.mozilla | 23 | mkdir ~/.mozilla |
| 23 | whitelist ~/.mozilla | 24 | whitelist ~/.mozilla |
| 25 | mkdir ~/.cache/mozilla/icecat | ||
| 26 | whitelist ~/.cache/mozilla/icecat | ||
| 24 | whitelist ~/dwhelper | 27 | whitelist ~/dwhelper |
| 25 | whitelist ~/.zotero | 28 | whitelist ~/.zotero |
| 26 | whitelist ~/.vimperatorrc | 29 | whitelist ~/.vimperatorrc |
| @@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc | |||
| 29 | whitelist ~/.pentadactyl | 32 | whitelist ~/.pentadactyl |
| 30 | whitelist ~/.keysnail.js | 33 | whitelist ~/.keysnail.js |
| 31 | whitelist ~/.config/gnome-mplayer | 34 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 32 | whitelist ~/.pki | 36 | whitelist ~/.pki |
| 33 | whitelist ~/.lastpass | 37 | whitelist ~/.lastpass |
| 34 | 38 | ||
diff --git a/etc/icedove.profile b/etc/icedove.profile index aae0e3bf5..b5265e992 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
| @@ -14,6 +14,10 @@ noblacklist ~/.icedove | |||
| 14 | mkdir ~/.icedove | 14 | mkdir ~/.icedove |
| 15 | whitelist ~/.icedove | 15 | whitelist ~/.icedove |
| 16 | 16 | ||
| 17 | noblacklist ~/.cache/icedove | ||
| 18 | mkdir ~/.cache/icedove | ||
| 19 | whitelist ~/.cache/icedove | ||
| 20 | |||
| 17 | # allow browsers | 21 | # allow browsers |
| 18 | ignore private-tmp | 22 | ignore private-tmp |
| 19 | include /etc/firejail/firefox.profile | 23 | include /etc/firejail/firefox.profile |
diff --git a/etc/inox.profile b/etc/inox.profile index 6043ded8a..0b2e4ee5e 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/inox.local | |||
| 4 | 4 | ||
| 5 | # Inox browser profile | 5 | # Inox browser profile |
| 6 | noblacklist ~/.config/inox | 6 | noblacklist ~/.config/inox |
| 7 | noblacklist ~/.cache/inox | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -13,6 +14,8 @@ netfilter | |||
| 13 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
| 14 | mkdir ~/.config/inox | 15 | mkdir ~/.config/inox |
| 15 | whitelist ~/.config/inox | 16 | whitelist ~/.config/inox |
| 17 | mkdir ~/.cache/inox | ||
| 18 | whitelist ~/.cache/inox | ||
| 16 | mkdir ~/.pki | 19 | mkdir ~/.pki |
| 17 | whitelist ~/.pki | 20 | whitelist ~/.pki |
| 18 | 21 | ||
diff --git a/etc/iridium.profile b/etc/iridium.profile index dcbd0b84b..2d79a3935 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/iridium.local | |||
| 4 | 4 | ||
| 5 | # Iridium browser profile | 5 | # Iridium browser profile |
| 6 | noblacklist ~/.config/iridium | 6 | noblacklist ~/.config/iridium |
| 7 | noblacklist ~/.cache/iridium | ||
| 7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 9 | 10 | ||
| @@ -16,6 +17,8 @@ netfilter | |||
| 16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 17 | mkdir ~/.config/iridium | 18 | mkdir ~/.config/iridium |
| 18 | whitelist ~/.config/iridium | 19 | whitelist ~/.config/iridium |
| 20 | mkdir ~/.cache/iridium | ||
| 21 | whitelist ~/.cache/iridium | ||
| 19 | mkdir ~/.pki | 22 | mkdir ~/.pki |
| 20 | whitelist ~/.pki | 23 | whitelist ~/.pki |
| 21 | 24 | ||
diff --git a/etc/mutt.profile b/etc/mutt.profile index f9d537779..2f0809f02 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ~/mail | |||
| 14 | noblacklist ~/Mail | 14 | noblacklist ~/Mail |
| 15 | noblacklist ~/sent | 15 | noblacklist ~/sent |
| 16 | noblacklist ~/postponed | 16 | noblacklist ~/postponed |
| 17 | noblacklist ~/.cache/mutt | ||
| 17 | noblacklist ~/.w3m | 18 | noblacklist ~/.w3m |
| 18 | noblacklist ~/.elinks | 19 | noblacklist ~/.elinks |
| 19 | noblacklist ~/.vim | 20 | noblacklist ~/.vim |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index a3c360c1e..c217346de 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/netsurf.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) |
| 6 | noblacklist ~/.config/netsurf | 6 | noblacklist ~/.config/netsurf |
| 7 | noblacklist ~/.cache/netsurf | ||
| 7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 9 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| @@ -19,5 +20,7 @@ tracelog | |||
| 19 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 20 | mkdir ~/.config/netsurf | 21 | mkdir ~/.config/netsurf |
| 21 | whitelist ~/.config/netsurf | 22 | whitelist ~/.config/netsurf |
| 23 | mkdir ~/.cache/netsurf | ||
| 24 | whitelist ~/.cache/netsurf | ||
| 22 | 25 | ||
| 23 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 5a0d54744..2782ce8e6 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
| @@ -14,6 +14,8 @@ netfilter | |||
| 14 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
| 15 | mkdir ~/.config/opera-beta | 15 | mkdir ~/.config/opera-beta |
| 16 | whitelist ~/.config/opera-beta | 16 | whitelist ~/.config/opera-beta |
| 17 | mkdir ~/.cache/opera | ||
| 18 | whitelist ~/.cache/opera | ||
| 17 | mkdir ~/.pki | 19 | mkdir ~/.pki |
| 18 | whitelist ~/.pki | 20 | whitelist ~/.pki |
| 19 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/opera.profile b/etc/opera.profile index 4af502060..f903108b3 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/opera.local | |||
| 5 | # Opera browser profile | 5 | # Opera browser profile |
| 6 | noblacklist ~/.config/opera | 6 | noblacklist ~/.config/opera |
| 7 | noblacklist ~/.opera | 7 | noblacklist ~/.opera |
| 8 | noblacklist ~/.cache/opera | ||
| 8 | noblacklist ~/.pki | 9 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| @@ -16,6 +17,8 @@ whitelist ${DOWNLOADS} | |||
| 16 | mkdir ~/.config/opera | 17 | mkdir ~/.config/opera |
| 17 | whitelist ~/.config/opera | 18 | whitelist ~/.config/opera |
| 18 | mkdir ~/.opera | 19 | mkdir ~/.opera |
| 20 | mkdir ~/.cache/opera | ||
| 21 | whitelist ~/.cache/opera | ||
| 19 | whitelist ~/.opera | 22 | whitelist ~/.opera |
| 20 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 24 | whitelist ~/.pki |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 472d58cee..8cac00e03 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/palemoon.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Pale Moon | 5 | # Firejail profile for Pale Moon |
| 6 | noblacklist ~/.moonchild productions/pale moon | 6 | noblacklist ~/.moonchild productions/pale moon |
| 7 | noblacklist ~/.cache/moonchild productions/pale moon | ||
| 7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 9 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| @@ -12,6 +13,8 @@ include /etc/firejail/whitelist-common.inc | |||
| 12 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
| 13 | mkdir ~/.moonchild productions | 14 | mkdir ~/.moonchild productions |
| 14 | whitelist ~/.moonchild productions | 15 | whitelist ~/.moonchild productions |
| 16 | mkdir ~/.cache/moonchild productions/pale moon | ||
| 17 | whitelist ~/.cache/moonchild productions/pale moon | ||
| 15 | 18 | ||
| 16 | caps.drop all | 19 | caps.drop all |
| 17 | netfilter | 20 | netfilter |
| @@ -37,6 +40,7 @@ private-tmp | |||
| 37 | #whitelist ~/.pentadactyl | 40 | #whitelist ~/.pentadactyl |
| 38 | #whitelist ~/.keysnail.js | 41 | #whitelist ~/.keysnail.js |
| 39 | #whitelist ~/.config/gnome-mplayer | 42 | #whitelist ~/.config/gnome-mplayer |
| 43 | #whitelist ~/.cache/gnome-mplayer/plugin | ||
| 40 | #whitelist ~/.pki | 44 | #whitelist ~/.pki |
| 41 | #whitelist ~/.lastpass | 45 | #whitelist ~/.lastpass |
| 42 | 46 | ||
diff --git a/etc/polari.profile b/etc/polari.profile index 52a58322e..834a8b3d6 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
| @@ -15,6 +15,8 @@ mkdir ${HOME}/.local/share/TpLogger | |||
| 15 | whitelist ${HOME}/.local/share/TpLogger | 15 | whitelist ${HOME}/.local/share/TpLogger |
| 16 | mkdir ${HOME}/.config/telepathy-account-widgets | 16 | mkdir ${HOME}/.config/telepathy-account-widgets |
| 17 | whitelist ${HOME}/.config/telepathy-account-widgets | 17 | whitelist ${HOME}/.config/telepathy-account-widgets |
| 18 | mkdir ${HOME}/.cache/telepathy | ||
| 19 | whitelist ${HOME}/.cache/telepathy | ||
| 18 | mkdir ${HOME}/.purple | 20 | mkdir ${HOME}/.purple |
| 19 | whitelist ${HOME}/.purple | 21 | whitelist ${HOME}/.purple |
| 20 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 5106fccb2..45cb22ee4 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
| @@ -14,6 +14,8 @@ mkdir ~/.config/psi+ | |||
| 14 | whitelist ~/.config/psi+ | 14 | whitelist ~/.config/psi+ |
| 15 | mkdir ~/.local/share/psi+ | 15 | mkdir ~/.local/share/psi+ |
| 16 | whitelist ~/.local/share/psi+ | 16 | whitelist ~/.local/share/psi+ |
| 17 | mkdir ~/.cache/psi+ | ||
| 18 | whitelist ~/.cache/psi+ | ||
| 17 | 19 | ||
| 18 | caps.drop all | 20 | caps.drop all |
| 19 | netfilter | 21 | netfilter |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 158425e18..f4e4f96d3 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/quiterss.local | 3 | include /etc/firejail/quiterss.local |
| 4 | 4 | ||
| 5 | noblacklist ${HOME}/.cache/QuiteRss | ||
| 5 | noblacklist ${HOME}/.config/QuiteRss | 6 | noblacklist ${HOME}/.config/QuiteRss |
| 6 | noblacklist ${HOME}/.config/QuiteRssrc | 7 | noblacklist ${HOME}/.config/QuiteRssrc |
| 7 | noblacklist ${HOME}/.local/share/QuiteRss | 8 | noblacklist ${HOME}/.local/share/QuiteRss |
| @@ -18,6 +19,8 @@ whitelist ${HOME}/.config/QuiteRssrc | |||
| 18 | mkdir ~/.local/share/data | 19 | mkdir ~/.local/share/data |
| 19 | mkdir ~/.local/share/data/QuiteRss | 20 | mkdir ~/.local/share/data/QuiteRss |
| 20 | whitelist ${HOME}/.local/share/data/QuiteRss | 21 | whitelist ${HOME}/.local/share/data/QuiteRss |
| 22 | mkdir ~/.cache/QuiteRss | ||
| 23 | whitelist ${HOME}/.cache/QuiteRss | ||
| 21 | 24 | ||
| 22 | caps.drop all | 25 | caps.drop all |
| 23 | netfilter | 26 | netfilter |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 783bc516d..3f5cb60c0 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/qupzilla.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Qupzilla web browser | 5 | # Firejail profile for Qupzilla web browser |
| 6 | noblacklist ${HOME}/.config/qupzilla | 6 | noblacklist ${HOME}/.config/qupzilla |
| 7 | noblacklist ${HOME}/.cache/qupzilla | ||
| 7 | include /etc/firejail/disable-mgmt.inc | 8 | include /etc/firejail/disable-mgmt.inc |
| 8 | include /etc/firejail/disable-secret.inc | 9 | include /etc/firejail/disable-secret.inc |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -16,6 +17,7 @@ tracelog | |||
| 16 | noroot | 17 | noroot |
| 17 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 18 | whitelist ~/.config/qupzilla | 19 | whitelist ~/.config/qupzilla |
| 20 | whitelist ~/.cache/qupzilla | ||
| 19 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
| 20 | 22 | ||
| 21 | # experimental features | 23 | # experimental features |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 53be1178c..f43307ef9 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/qutebrowser.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser | 5 | # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser |
| 6 | noblacklist ~/.config/qutebrowser | 6 | noblacklist ~/.config/qutebrowser |
| 7 | noblacklist ~/.cache/qutebrowser | ||
| 7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 9 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| @@ -19,6 +20,8 @@ tracelog | |||
| 19 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 20 | mkdir ~/.config/qutebrowser | 21 | mkdir ~/.config/qutebrowser |
| 21 | whitelist ~/.config/qutebrowser | 22 | whitelist ~/.config/qutebrowser |
| 23 | mkdir ~/.cache/qutebrowser | ||
| 24 | whitelist ~/.cache/qutebrowser | ||
| 22 | mkdir ~/.local/share/qutebrowser | 25 | mkdir ~/.local/share/qutebrowser |
| 23 | whitelist ~/.local/share/qutebrowser | 26 | whitelist ~/.local/share/qutebrowser |
| 24 | include /etc/firejail/whitelist-common.inc | 27 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 756700c2f..df1910469 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/seamonkey.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Seamoneky based off Mozilla Firefox | 5 | # Firejail profile for Seamoneky based off Mozilla Firefox |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 7 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 8 | noblacklist ~/.lastpass | 9 | noblacklist ~/.lastpass |
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -21,6 +22,8 @@ tracelog | |||
| 21 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.mozilla/seamonkey | 23 | mkdir ~/.mozilla/seamonkey |
| 23 | whitelist ~/.mozilla/seamonkey | 24 | whitelist ~/.mozilla/seamonkey |
| 25 | mkdir ~/.cache/mozilla/seamonkey | ||
| 26 | whitelist ~/.cache/mozilla/seamonkey | ||
| 24 | whitelist ~/dwhelper | 27 | whitelist ~/dwhelper |
| 25 | whitelist ~/.zotero | 28 | whitelist ~/.zotero |
| 26 | whitelist ~/.vimperatorrc | 29 | whitelist ~/.vimperatorrc |
| @@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc | |||
| 29 | whitelist ~/.pentadactyl | 32 | whitelist ~/.pentadactyl |
| 30 | whitelist ~/.keysnail.js | 33 | whitelist ~/.keysnail.js |
| 31 | whitelist ~/.config/gnome-mplayer | 34 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 32 | whitelist ~/.pki | 36 | whitelist ~/.pki |
| 33 | whitelist ~/.lastpass | 37 | whitelist ~/.lastpass |
| 34 | include /etc/firejail/whitelist-common.inc | 38 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 0f6d626a5..ee7e50ba7 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
| @@ -3,6 +3,8 @@ | |||
| 3 | include /etc/firejail/simple-scan.local | 3 | include /etc/firejail/simple-scan.local |
| 4 | 4 | ||
| 5 | # simple-scan profile | 5 | # simple-scan profile |
| 6 | noblacklist ~/.cache/simple-scan | ||
| 7 | |||
| 6 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 8 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 23ef75b71..843038a2b 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/spotify.local | |||
| 4 | 4 | ||
| 5 | # Spotify media player profile | 5 | # Spotify media player profile |
| 6 | noblacklist ${HOME}/.config/spotify | 6 | noblacklist ${HOME}/.config/spotify |
| 7 | noblacklist ${HOME}/.cache/spotify | ||
| 7 | noblacklist ${HOME}/.local/share/spotify | 8 | noblacklist ${HOME}/.local/share/spotify |
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| @@ -15,6 +16,8 @@ mkdir ${HOME}/.config/spotify | |||
| 15 | whitelist ${HOME}/.config/spotify | 16 | whitelist ${HOME}/.config/spotify |
| 16 | mkdir ${HOME}/.local/share/spotify | 17 | mkdir ${HOME}/.local/share/spotify |
| 17 | whitelist ${HOME}/.local/share/spotify | 18 | whitelist ${HOME}/.local/share/spotify |
| 19 | mkdir ${HOME}/.cache/spotify | ||
| 20 | whitelist ${HOME}/.cache/spotify | ||
| 18 | 21 | ||
| 19 | caps.drop all | 22 | caps.drop all |
| 20 | netfilter | 23 | netfilter |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index df1a4cdbb..64fe92c1e 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
| @@ -18,6 +18,10 @@ noblacklist ~/.icedove | |||
| 18 | mkdir ~/.icedove | 18 | mkdir ~/.icedove |
| 19 | whitelist ~/.icedove | 19 | whitelist ~/.icedove |
| 20 | 20 | ||
| 21 | noblacklist ~/.cache/thunderbird | ||
| 22 | mkdir ~/.cache/thunderbird | ||
| 23 | whitelist ~/.cache/thunderbird | ||
| 24 | |||
| 21 | # allow browsers | 25 | # allow browsers |
| 22 | ignore private-tmp | 26 | ignore private-tmp |
| 23 | include /etc/firejail/firefox.profile | 27 | include /etc/firejail/firefox.profile |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 5b6bec4c1..dbcc8d041 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/transmission-cli.local | |||
| 4 | 4 | ||
| 5 | # transmission-cli bittorrent profile | 5 | # transmission-cli bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 7 | 8 | ||
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 78ce5fba2..dcd3317ef 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/transmission-gtk.local | |||
| 4 | 4 | ||
| 5 | # transmission-gtk bittorrent profile | 5 | # transmission-gtk bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 7 | 8 | ||
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 2f7fe0714..ed63f7cff 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/transmission-qt.local | |||
| 4 | 4 | ||
| 5 | # transmission-qt bittorrent profile | 5 | # transmission-qt bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 7 | 8 | ||
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 052843882..0b88789b1 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/transmission-show.local | |||
| 4 | 4 | ||
| 5 | # transmission-show profile | 5 | # transmission-show profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 7 | 8 | ||
| 8 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index bf6af3926..7ab2e5f70 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/vivaldi.local | 3 | include /etc/firejail/vivaldi.local |
| 4 | noblacklist ~/.cache/vivaldi | ||
| 4 | 5 | ||
| 5 | # Vivaldi browser profile | 6 | # Vivaldi browser profile |
| 6 | noblacklist ~/.config/vivaldi | 7 | noblacklist ~/.config/vivaldi |
| @@ -13,4 +14,6 @@ netfilter | |||
| 13 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
| 14 | mkdir ~/.config/vivaldi | 15 | mkdir ~/.config/vivaldi |
| 15 | whitelist ~/.config/vivaldi | 16 | whitelist ~/.config/vivaldi |
| 17 | mkdir ~/.cache/vivaldi | ||
| 18 | whitelist ~/.cache/vivaldi | ||
| 16 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index fbb381a86..212466f5a 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
| @@ -4,6 +4,7 @@ include /etc/firejail/wesnoth.local | |||
| 4 | 4 | ||
| 5 | # Whitelist-based profile for "Battle for Wesnoth" (game). | 5 | # Whitelist-based profile for "Battle for Wesnoth" (game). |
| 6 | noblacklist ${HOME}/.config/wesnoth | 6 | noblacklist ${HOME}/.config/wesnoth |
| 7 | noblacklist ${HOME}/.cache/wesnoth | ||
| 7 | noblacklist ${HOME}/.local/share/wesnoth | 8 | noblacklist ${HOME}/.local/share/wesnoth |
| 8 | 9 | ||
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| @@ -22,6 +23,8 @@ private-tmp | |||
| 22 | 23 | ||
| 23 | mkdir ${HOME}/.local/share/wesnoth | 24 | mkdir ${HOME}/.local/share/wesnoth |
| 24 | mkdir ${HOME}/.config/wesnoth | 25 | mkdir ${HOME}/.config/wesnoth |
| 26 | mkdir ${HOME}/.cache/wesnoth | ||
| 25 | whitelist ${HOME}/.local/share/wesnoth | 27 | whitelist ${HOME}/.local/share/wesnoth |
| 26 | whitelist ${HOME}/.config/wesnoth | 28 | whitelist ${HOME}/.config/wesnoth |
| 29 | whitelist ${HOME}/.cache/wesnoth | ||
| 27 | include /etc/firejail/whitelist-common.inc | 30 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 516f47041..cf7797100 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
| @@ -19,6 +19,7 @@ whitelist ~/.fonts.conf | |||
| 19 | whitelist ~/.fonts.conf.d | 19 | whitelist ~/.fonts.conf.d |
| 20 | whitelist ~/.local/share/fonts | 20 | whitelist ~/.local/share/fonts |
| 21 | whitelist ~/.config/fontconfig | 21 | whitelist ~/.config/fontconfig |
| 22 | whitelist ~/.cache/fontconfig | ||
| 22 | 23 | ||
| 23 | # gtk | 24 | # gtk |
| 24 | whitelist ~/.gtkrc | 25 | whitelist ~/.gtkrc |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 51dbcad51..31ea14ca3 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/xreader.local | |||
| 5 | # Xreader profile | 5 | # Xreader profile |
| 6 | noblacklist ~/.config/xreader | 6 | noblacklist ~/.config/xreader |
| 7 | noblacklist ~/.local/share | 7 | noblacklist ~/.local/share |
| 8 | noblacklist ~/.cache/xreader | ||
| 8 | 9 | ||
| 9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |