Firefox profile fix for 0.9.38 (Ubuntu 16.04) in etc-fixes/

Seccomp filter lifted from 0.9.54 version. Cosmetic errors occur
for unrecognised options (such as @clock) but do not affect sandbox.

1 files changed, 29 insertions, 0 deletions

diff --git a/etc-fixes/0.9.38/firefox.profile b/etc-fixes/0.9.38/firefox.profile
new file mode 100644
index 000000000..c5c47d1b5
--- /dev/null
+++ b/etc-fixes/0.9.38/firefox.profile
@@ -0,0 +1,29 @@
+# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
+noblacklist ${HOME}/.mozilla
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+protocol unix,inet,inet6,netlink
+netfilter
+# tracelog
+noroot
+whitelist ${DOWNLOADS}
+whitelist ~/.mozilla
+whitelist ~/.cache/mozilla/firefox
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.lastpass
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+include /etc/firejail/whitelist-common.inc
+
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse