authorLibravatar Tad <tad@spotco.us>2018-02-11 15:27:30 -0500
committerLibravatar Tad <tad@spotco.us>2018-02-11 16:50:52 -0500
commitdf2f568041fd926a217812523399b059bc888233 (patch)
tree462aefab783de40936af472d51f79518ca861d86
parentupdate various application blacklists (diff)
Unify all Chromium and Firefox based browser profiles as part of #1773
-rw-r--r--etc/abrowser.profile36
-rw-r--r--etc/bnox.profile23
-rw-r--r--etc/brave.profile26
-rw-r--r--etc/chromium-common.profile32
-rw-r--r--etc/chromium.profile24
-rw-r--r--etc/cliqz.profile78
-rw-r--r--etc/cyberfox.profile57
-rw-r--r--etc/dnox.profile23
-rw-r--r--etc/firefox-common.profile85
-rw-r--r--etc/firefox.profile77
-rw-r--r--etc/flashpeak-slimjet.profile26
-rw-r--r--etc/google-chrome-beta.profile23
-rw-r--r--etc/google-chrome-unstable.profile23
-rw-r--r--etc/google-chrome.profile25
-rw-r--r--etc/icecat.profile39
-rw-r--r--etc/inox.profile23
-rw-r--r--etc/iridium.profile24
-rw-r--r--etc/opera-beta.profile17
-rw-r--r--etc/opera.profile16
-rw-r--r--etc/palemoon.profile45
-rw-r--r--etc/vivaldi.profile22
-rw-r--r--etc/waterfox.profile68
-rw-r--r--etc/yandex-browser.profile24
23 files changed, 170 insertions, 666 deletions
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 5c964bad1..01f60b559 100644
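--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -7,42 +7,14 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/abrowser
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
 
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,abrowser,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+
 
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+# Redirect
+include /etc/firejail/firefox-common.profile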
diff --git a/etc/bnox.profile b/etc/bnox.profile
index 4270755c8..3207a2923 100644
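--- a/etc/bnox.profile
+++ b/etc/bnox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/bnox
 noblacklist ${HOME}/.config/bnox
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/bnox
 whitelist ${HOME}/.config/bnox
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile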
diff --git a/etc/brave.profile b/etc/brave.profile
index 668e8a244..cef1d0951 100644
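--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -8,31 +8,9 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/brave
 # brave uses gpg for built-in password manager
 noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.config/brave
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/KeePass
 whitelist ${HOME}/.config/brave
-whitelist ${HOME}/.config/keepass
-whitelist ${HOME}/.config/lastpass
-whitelist ${HOME}/.keepass
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-# caps.drop all
-netfilter
-# nonewprivs
-# noroot
-nodvd
-notv
-# protocol unix,inet,inet6,netlink
-# seccomp
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile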
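Review bot: `noblacklist ${HOME}/.gnupg` on line 10 is kept, but neither this file nor chromium-common.profile whitelists that directory, so with a whitelist-based home the line probably has no effect and the comment above it is misleading. If Brave really needs the keyring, that should be an explicit decision recorded here, because it would expose the user's private keys to the browser; if it does not, the line and its comment can be dropped. The redirect also removes the KeePass and LastPass whitelist entries, which the commit message does not mention.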
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
new file mode 100644
index 000000000..5c5215309
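--- /dev/null
+++ b/etc/chromium-common.profile
@@ -0,0 +1,32 @@
+# Firejail profile for chromium-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/chromium-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+
+disable-mnt
+private-dev
+# private-tmp - problems with multiple browser sessions
+
+noexec ${HOME}
+noexec /tmp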
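Review bot: Line 20 keeps `sys_admin` and `sys_chroot`, and the file has no `seccomp`, `nonewprivs`, `noroot` or `protocol` line, yet nothing in it says why. Every Chromium derivative now inherits this weaker-than-Firefox set, so the reason should be written down where the next maintainer will read it, for example `# caps.keep and the missing seccomp/nonewprivs/noroot are deliberate: Chromium's own sandbox helper needs them` (presumably the rationale; confirm before committing the wording). Without that comment a later cleanup could either break the browsers or leave CAP_SYS_ADMIN in place for a derivative that does not need it.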
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 64d790121..ad9f9af33 100644
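--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,34 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/chromium
 noblacklist ${HOME}/.config/chromium
 noblacklist ${HOME}/.config/chromium-flags.conf
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/chromium
 whitelist ${HOME}/.config/chromium
 whitelist ${HOME}/.config/chromium-flags.conf
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
 
-disable-mnt
 # private-bin chromium,chromium-browser,chromedriver
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile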
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 086dfa233..b4e299337 100644
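--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -7,77 +7,13 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/cliqz
 noblacklist ${HOME}/.config/cliqz
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
 
-noblacklist ${HOME}/.pki
+mkdir ${HOME}/.cache/cliqz
+mkdir ${HOME}/.config/cliqz
+whitelist ${HOME}/.cache/cliqz
+whitelist ${HOME}/.config/cliqz
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,cliqz,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 
-mkdir ${HOME}/.cache/mozilla/firefox
-mkdir ${HOME}/.mozilla
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/mozilla/firefox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
-
-# private-bin firefox,which,sh,dbus-launch,dbus-send,env
-private-dev
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
-private-tmp
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile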
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index 66cd27461..be9e62123 100644
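--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -7,67 +7,14 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.8pecxstudios
 noblacklist ${HOME}/.cache/8pecxstudios
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.8pecxstudios
 whitelist ${HOME}/.cache/8pecxstudios
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
-disable-mnt
 # private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
-private-dev
-private-dev
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
-private-tmp
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile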
diff --git a/etc/dnox.profile b/etc/dnox.profile
index d6626c048..505884ca6 100644
--- a/etc/dnox.profile
+++ b/etc/dnox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/dnox 8noblacklist ${HOME}/.cache/dnox
9noblacklist ${HOME}/.config/dnox 9noblacklist ${HOME}/.config/dnox
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-programs.inc
14 10
15mkdir ${HOME}/.cache/dnox 11mkdir ${HOME}/.cache/dnox
16mkdir ${HOME}/.config/dnox 12mkdir ${HOME}/.config/dnox
17mkdir ${HOME}/.pki
18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/dnox 13whitelist ${HOME}/.cache/dnox
20whitelist ${HOME}/.config/dnox 14whitelist ${HOME}/.config/dnox
21whitelist ${HOME}/.pki
22include /etc/firejail/whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc
24
25caps.keep sys_chroot,sys_admin
26netfilter
27nodvd
28nogroups
29notv
30shell none
31
32private-dev
33# private-tmp - problems with multiple browser sessions
34 15
35noexec ${HOME} 16# Redirect
36noexec /tmp 17include /etc/firejail/chromium-common.profile
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
new file mode 100644
index 000000000..962080c58
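--- /dev/null
+++ b/etc/firefox-common.profile
@@ -0,0 +1,85 @@
+# Firejail profile for firefox-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/firefox-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp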
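Review bot: Line 51 whitelists `${HOME}/.local/share/gnome-shell/extensions` for every profile that redirects here, while the matching `noblacklist` on line 21 is commented out, so the intent is unclear. If the directory does end up writable inside the sandbox, it weakens the isolation, because its contents can be loaded by the unsandboxed GNOME Shell session; abrowser, cyberfox and icecat did not whitelist it before this commit. Keeping the entry in firefox.profile only, or following it with `read-only ${HOME}/.local/share/gnome-shell/extensions`, would limit the exposure. The okular, kget, qpdfview and `.lastpass` entries are likewise new for several derivatives and deserve the same look.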
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 079cb1536..15ca094f1 100644
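--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -6,90 +6,17 @@ include /etc/firejail/firefox.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/firefox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-# machine-id breaks pulse audio; it should work fine in setups where sound is not required
-#machine-id
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
-disable-mnt
 # firefox requires a shell to launch on Arch.
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
-private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 # private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
-private-tmp
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile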
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index d9be8b9c5..63f9d19a9 100644
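--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -5,35 +5,13 @@ include /etc/firejail/flashpeak-slimjet.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# This is a whitelisted profile, the internal browser sandbox
-# is disabled because it requires sudo password. The command
-# to run it is as follows:
-# firejail flashpeak-slimjet --no-sandbox
-
 noblacklist ${HOME}/.cache/slimjet
 noblacklist ${HOME}/.config/slimjet
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/slimjet
 whitelist ${HOME}/.config/slimjet
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile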
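Review bot: The redirect replaces this profile's `caps.drop all`, `nonewprivs`, `noroot`, `protocol unix,inet,inet6,netlink` and `seccomp` with chromium-common's `caps.keep sys_chroot,sys_admin` and no syscall filter. The removed header comment said Slimjet's internal sandbox was disabled and the browser was meant to run with `--no-sandbox`. If that is still how users launch it, they now have neither the browser sandbox nor Firejail's seccomp and capability restrictions. Either confirm that Slimjet's own sandbox works under the common profile and say so in a comment, or keep the strict options here rather than redirecting.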
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index 9c7306b85..ab16558ea 100644
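--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/google-chrome-beta
 noblacklist ${HOME}/.config/google-chrome-beta
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/google-chrome-beta
 whitelist ${HOME}/.config/google-chrome-beta
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile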
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index bb05b3e99..b7d0eccf3 100644
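--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/google-chrome-unstable
 noblacklist ${HOME}/.config/google-chrome-unstable
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/google-chrome-unstable
 whitelist ${HOME}/.config/google-chrome-unstable
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile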
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 19ebfa974..6e44190ae 100644
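--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -7,32 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/google-chrome
 noblacklist ${HOME}/.config/google-chrome
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/google-chrome
 whitelist ${HOME}/.config/google-chrome
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-disable-mnt
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile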
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 9e5526c95..1470d4b12 100644
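--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -7,46 +7,13 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/icecat
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
 
-disable-mnt
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+# private-etc icecat,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile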
diff --git a/etc/inox.profile b/etc/inox.profile
index fbc654434..652761c54 100644
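--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/inox
 noblacklist ${HOME}/.config/inox
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/inox
 whitelist ${HOME}/.config/inox
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile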
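diff --git a/etc/iridium.profile b/etc/iridium.profile
index 76026722f..2869c3070 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -8,30 +8,10 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/iridium
 noblacklist ${HOME}/.config/iridium
 
-include /etc/firejail/disable-common.inc
-# chromium/iridium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/iridium
 whitelist ${HOME}/.config/iridium
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile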
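Review bot: The deleted comment `# chromium/iridium is distributed with a perl script on Arch` (old line 12) was the only record of why `disable-devel.inc` stayed commented out for Iridium, while the old opera, vivaldi and yandex-browser profiles did include it. After the redirect, either Iridium picks up disable-devel.inc through chromium-common.profile and may fail to start on Arch, or the other browsers lose that blacklist; which of the two happens cannot be told from this section. I would carry the rationale over, for example by keeping `# disable-devel.inc is not used: iridium is distributed with a perl script on Arch` above the `# Redirect` line or next to the corresponding include in the common profile.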
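diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 3fe86d26c..38a3152d2 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -5,24 +5,13 @@ include /etc/firejail/opera-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera-beta
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera-beta
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/opera
 whitelist ${HOME}/.config/opera-beta
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-netfilter
-nodvd
-notv
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile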
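Review bot: `disable-mnt` is deleted here (old line 28) and also in the opera, vivaldi, yandex-browser and palemoon sections, while the old inox and iridium profiles never set it, so the shared profile has to take one side. If chromium-common.profile does not set `disable-mnt`, these browsers regain access to the mount points under /mnt and /media that the old profiles hid. The common profile is not visible in this section, so please confirm it carries the option, or keep `disable-mnt` in this file above the `# Redirect` line.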
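diff --git a/etc/opera.profile b/etc/opera.profile
index fed7564b2..c0138c555 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -8,25 +8,13 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera
 noblacklist ${HOME}/.opera
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera
 mkdir ${HOME}/.opera
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/opera
 whitelist ${HOME}/.config/opera
 whitelist ${HOME}/.opera
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-netfilter
-nodvd
-notv
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile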
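diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1112a9bb7..e59f20e9d 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -8,53 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/moonchild productions/pale moon
 noblacklist ${HOME}/.moonchild productions/pale moon
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
-# These are uncommented in the Firefox profile. If you run into trouble you may
-# want to uncomment (some of) them.
-#whitelist ${HOME}/dwhelper
-#whitelist ${HOME}/.zotero
-#whitelist ${HOME}/.vimperatorrc
-#whitelist ${HOME}/.vimperator
-#whitelist ${HOME}/.pentadactylrc
-#whitelist ${HOME}/.pentadactyl
-#whitelist ${HOME}/.keysnail.js
-#whitelist ${HOME}/.config/gnome-mplayer
-#whitelist ${HOME}/.cache/gnome-mplayer/plugin
-#whitelist ${HOME}/.pki
-#whitelist ${HOME}/.lastpass
-
-# For silverlight
-#whitelist ${HOME}/.wine-pipelight
-#whitelist ${HOME}/.wine-pipelight64
-#whitelist ${HOME}/.config/pipelight-widevine
-#whitelist ${HOME}/.config/pipelight-silverlight5.1
-
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
 # private-bin palemoon
-# private-dev (disabled for now as it will interfere with webcam use in palemoon)
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,palemoon,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 # private-opt palemoon
-private-tmp
 
-disable-mnt
+# Redirect
+include /etc/firejail/firefox-common.profile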
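Review bot: Two deliberate Pale Moon choices disappear with the deleted lines: the commented-out whitelist block (`#whitelist ${HOME}/.lastpass`, `#whitelist ${HOME}/.pki` and the rest of old lines 17-33) and the note on old line 55 that `private-dev` is disabled because it interferes with webcam use. The old waterfox profile in this same commit whitelisted those directories and enabled `private-dev`, so if firefox-common.profile follows it, Pale Moon gets wider home-directory access and loses webcam support with no trace left in this file. The common profile is not visible in this section, so this needs checking there. At minimum I would keep a comment such as `# private-dev may interfere with webcam use in palemoon` above the `# Redirect` line.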
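diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 3a1f72f23..aeef58292 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -8,28 +8,10 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/vivaldi
 noblacklist ${HOME}/.config/vivaldi
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
 mkdir ${HOME}/.cache/vivaldi
 mkdir ${HOME}/.config/vivaldi
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/vivaldi
 whitelist ${HOME}/.config/vivaldi
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-disable-mnt
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile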
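diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index b2abb3a5f..521295dfa 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -7,83 +7,21 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.cache/waterfox
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
 noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.waterfox
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.cache/waterfox
 mkdir ${HOME}/.waterfox
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.cache/waterfox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.mozilla
 whitelist ${HOME}/.waterfox
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
 # private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
-private-dev
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse
-private-tmp
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile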
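Review bot: The rewritten `# private-etc ca-certificates,ssl,...` line (new line 24) stays commented out with no reason given, unlike the `# private-bin` line above it, which explains why it is disabled. As written it restricts nothing, so /etc remains fully visible to the browser unless firefox-common.profile sets `private-etc` itself, which this section does not show. I would add a one-line comment stating why it is disabled or what still needs testing, for example `# private-etc is not enabled yet - needs testing`. The same applies to the commented `# private-etc` lines in the palemoon and icecat sections.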
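diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index 1c7769727..fdb7694a5 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -9,35 +9,15 @@ noblacklist ${HOME}/.cache/yandex-browser
 noblacklist ${HOME}/.cache/yandex-browser-beta
 noblacklist ${HOME}/.config/yandex-browser
 noblacklist ${HOME}/.config/yandex-browser-beta
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/yandex-browser
 mkdir ${HOME}/.cache/yandex-browser-beta
 mkdir ${HOME}/.config/yandex-browser
 mkdir ${HOME}/.config/yandex-browser-beta
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/yandex-browser
 whitelist ${HOME}/.cache/yandex-browser-beta
 whitelist ${HOME}/.config/yandex-browser
 whitelist ${HOME}/.config/yandex-browser-beta
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-disable-mnt
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile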