diff options
author | smitsohu <smitsohu@gmail.com> | 2021-10-23 16:45:12 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-23 16:45:12 +0200 |
commit | b143fd26eb47de1b0745cf0c11d8ab14a4b4235e (patch) | |
tree | 7de013b8691f69a6d23691fdb823241de6087b2b | |
parent | promote /run/udev/data to wrc (diff) | |
download | firejail-b143fd26eb47de1b0745cf0c11d8ab14a4b4235e.tar.gz firejail-b143fd26eb47de1b0745cf0c11d8ab14a4b4235e.tar.zst firejail-b143fd26eb47de1b0745cf0c11d8ab14a4b4235e.zip |
add wrc to several profiles
-rw-r--r-- | etc/profile-a-l/akonadi_control.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/akregator.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/ark.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/audacious.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/baloo_file.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/dragon.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/falkon.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gimp.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gwenview.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/inkscape.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kaffeine.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kate.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kcalc.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kdiff3.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/kget.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kmail.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/konversation.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/ktorrent.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kwin_x11.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kwrite.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/libreoffice.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/okular.profile | 1 |
22 files changed, 23 insertions, 0 deletions
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 168e81985..f3fb678d1 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -27,6 +27,7 @@ include disable-exec.inc | |||
27 | include disable-interpreters.inc | 27 | include disable-interpreters.inc |
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | 29 | ||
30 | include whitelist-run-common.inc | ||
30 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
31 | 32 | ||
32 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. | 33 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index d1e7df37b..39008d67a 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -25,6 +25,7 @@ whitelist ${HOME}/.local/share/akregator | |||
25 | whitelist ${HOME}/.local/share/kssl | 25 | whitelist ${HOME}/.local/share/kssl |
26 | whitelist ${HOME}/.local/share/kxmlgui5/akregator | 26 | whitelist ${HOME}/.local/share/kxmlgui5/akregator |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-run-common.inc | ||
28 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
29 | 30 | ||
30 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 45071dc62..a26592f3a 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -16,6 +16,7 @@ include disable-interpreters.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | whitelist /usr/share/ark | 18 | whitelist /usr/share/ark |
19 | include whitelist-run-common.inc | ||
19 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
20 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
21 | 22 | ||
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index d71370b7e..e9ecdd72e 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -17,6 +17,7 @@ include disable-interpreters.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include whitelist-run-common.inc | ||
20 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
21 | 22 | ||
22 | apparmor | 23 | apparmor |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 252016bec..55d2453d8 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -25,6 +25,7 @@ include disable-exec.inc | |||
25 | include disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include disable-programs.inc | 26 | include disable-programs.inc |
27 | 27 | ||
28 | include whitelist-run-common.inc | ||
28 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
29 | 30 | ||
30 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 26243ab4e..d5591adfb 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -19,6 +19,7 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/dragonplayer | 21 | whitelist /usr/share/dragonplayer |
22 | include whitelist-run-common.inc | ||
22 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
24 | 25 | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 62ea449a6..03d6b30a1 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -23,6 +23,7 @@ whitelist ${HOME}/.cache/falkon | |||
23 | whitelist ${HOME}/.config/falkon | 23 | whitelist ${HOME}/.config/falkon |
24 | whitelist /usr/share/falkon | 24 | whitelist /usr/share/falkon |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-run-common.inc | ||
26 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index df9c2ac7a..28070cb9c 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -39,6 +39,7 @@ whitelist /usr/share/gegl-0.4 | |||
39 | whitelist /usr/share/gimp | 39 | whitelist /usr/share/gimp |
40 | whitelist /usr/share/mypaint-data | 40 | whitelist /usr/share/mypaint-data |
41 | whitelist /usr/share/lensfun | 41 | whitelist /usr/share/lensfun |
42 | include whitelist-run-common.inc | ||
42 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
43 | include whitelist-var-common.inc | 44 | include whitelist-var-common.inc |
44 | 45 | ||
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 8becf6d84..d98d341ae 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -25,6 +25,7 @@ include disable-interpreters.inc | |||
25 | include disable-programs.inc | 25 | include disable-programs.inc |
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | 27 | ||
28 | include whitelist-run-common.inc | ||
28 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
29 | 30 | ||
30 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index e0015e69a..016a4d6c8 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -29,6 +29,7 @@ include disable-programs.inc | |||
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/inkscape | 31 | whitelist /usr/share/inkscape |
32 | include whitelist-run-common.inc | ||
32 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 34 | include whitelist-var-common.inc |
34 | 35 | ||
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index 8799a6f24..e74c57546 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -22,6 +22,7 @@ include disable-interpreters.inc | |||
22 | include disable-programs.inc | 22 | include disable-programs.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include whitelist-run-common.inc | ||
25 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
26 | 27 | ||
27 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index d8b2dddb1..8c340d536 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -29,6 +29,7 @@ include disable-exec.inc | |||
29 | # include disable-interpreters.inc | 29 | # include disable-interpreters.inc |
30 | include disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | include whitelist-run-common.inc | ||
32 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
33 | 34 | ||
34 | # apparmor | 35 | # apparmor |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index c551dbdbe..06978cbf1 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -28,6 +28,7 @@ whitelist /usr/share/config.kcfg/kcalc.kcfg | |||
28 | whitelist /usr/share/kcalc | 28 | whitelist /usr/share/kcalc |
29 | whitelist /usr/share/kconf_update/kcalcrc.upd | 29 | whitelist /usr/share/kconf_update/kcalcrc.upd |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-run-common.inc | ||
31 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 34 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index fa50b0a20..df7ee31dc 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -23,6 +23,8 @@ include disable-interpreters.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | # Add the next line to your kdiff3.local if you don't need to compare files in /run. | ||
27 | #include whitelist-run-common.inc | ||
26 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
27 | # Add the next line to your kdiff3.local if you don't need to compare files in /usr/share. | 29 | # Add the next line to your kdiff3.local if you don't need to compare files in /usr/share. |
28 | #include whitelist-usr-share-common.inc | 30 | #include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index ec315b431..9b6646725 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -20,6 +20,7 @@ include disable-exec.inc | |||
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | include whitelist-run-common.inc | ||
23 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
24 | 25 | ||
25 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 2c645677c..0796e6876 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -37,6 +37,7 @@ include disable-exec.inc | |||
37 | include disable-interpreters.inc | 37 | include disable-interpreters.inc |
38 | include disable-programs.inc | 38 | include disable-programs.inc |
39 | 39 | ||
40 | include whitelist-run-common.inc | ||
40 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
41 | 42 | ||
42 | # apparmor | 43 | # apparmor |
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 723fef0d2..1121dc8a5 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -20,6 +20,7 @@ include disable-programs.inc | |||
20 | include disable-shell.inc | 20 | include disable-shell.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | include whitelist-run-common.inc | ||
23 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
24 | 25 | ||
25 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 9d8aa1bd7..6e3b0c875 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -37,6 +37,7 @@ whitelist ${HOME}/.kde4/share/config/ktorrentrc | |||
37 | whitelist ${HOME}/.local/share/ktorrent | 37 | whitelist ${HOME}/.local/share/ktorrent |
38 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent | 38 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-run-common.inc | ||
40 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
41 | 42 | ||
42 | caps.drop all | 43 | caps.drop all |
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 32e9870e5..0b8763c29 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -21,6 +21,7 @@ include disable-programs.inc | |||
21 | include disable-shell.inc | 21 | include disable-shell.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | include whitelist-run-common.inc | ||
24 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
25 | 26 | ||
26 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index cd5ce7034..aff6f3181 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -24,6 +24,7 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | include whitelist-run-common.inc | ||
27 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
28 | 29 | ||
29 | apparmor | 30 | apparmor |
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index 328307705..12ff79748 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -21,6 +21,7 @@ include disable-devel.inc | |||
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | include whitelist-run-common.inc | ||
24 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
25 | 26 | ||
26 | # Debian 10/Ubuntu 18.04 come with their own apparmor profile, but it is not in enforce mode. | 27 | # Debian 10/Ubuntu 18.04 come with their own apparmor profile, but it is not in enforce mode. |
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 0a200b46e..fb28ad89f 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -36,6 +36,7 @@ whitelist /usr/share/kconf_update/okular.upd | |||
36 | whitelist /usr/share/kxmlgui5/okular | 36 | whitelist /usr/share/kxmlgui5/okular |
37 | whitelist /usr/share/okular | 37 | whitelist /usr/share/okular |
38 | whitelist /usr/share/poppler | 38 | whitelist /usr/share/poppler |
39 | include whitelist-run-common.inc | ||
39 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |