Unify all Chromium and Firefox based browser profiles as part of #1773

author: Tad <tad@spotco.us> 2018-02-11 15:27:30 -0500
committer: Tad <tad@spotco.us> 2018-02-11 16:50:52 -0500
commit: df2f568041fd926a217812523399b059bc888233 (patch)
tree: 462aefab783de40936af472d51f79518ca861d86 /etc/abrowser.profile
parent: update various application blacklists (diff)
download: firejail-df2f568041fd926a217812523399b059bc888233.tar.gz
firejail-df2f568041fd926a217812523399b059bc888233.tar.zst
firejail-df2f568041fd926a217812523399b059bc888233.zip
1 files changed, 4 insertions, 32 deletions
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 5c964bad1..01f60b559 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -7,42 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/abrowser
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-caps.drop all
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,abrowser,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+# Redirect
+include /etc/firejail/firefox-common.profile
author	Tad <tad@spotco.us>	2018-02-11 15:27:30 -0500
committer	Tad <tad@spotco.us>	2018-02-11 16:50:52 -0500
commit	df2f568041fd926a217812523399b059bc888233 (patch)
tree	462aefab783de40936af472d51f79518ca861d86 /etc/abrowser.profile
parent	update various application blacklists (diff)
download	firejail-df2f568041fd926a217812523399b059bc888233.tar.gz firejail-df2f568041fd926a217812523399b059bc888233.tar.zst firejail-df2f568041fd926a217812523399b059bc888233.zip

diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 5c964bad1..01f60b559 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile
@@ -7,42 +7,14 @@ include /etc/firejail/globals.local
7		7
8	noblacklist ${HOME}/.cache/mozilla	8	noblacklist ${HOME}/.cache/mozilla
9	noblacklist ${HOME}/.mozilla	9	noblacklist ${HOME}/.mozilla
10	noblacklist ${HOME}/.pki
11
12	include /etc/firejail/disable-common.inc
13	include /etc/firejail/disable-devel.inc
14	include /etc/firejail/disable-programs.inc
15		10
16	mkdir ${HOME}/.cache/mozilla/abrowser	11	mkdir ${HOME}/.cache/mozilla/abrowser
17	mkdir ${HOME}/.mozilla	12	mkdir ${HOME}/.mozilla
18	whitelist ${DOWNLOADS}
19	whitelist ${HOME}/.cache/gnome-mplayer/plugin
20	whitelist ${HOME}/.cache/mozilla/abrowser	13	whitelist ${HOME}/.cache/mozilla/abrowser
21	whitelist ${HOME}/.config/gnome-mplayer
22	whitelist ${HOME}/.config/pipelight-silverlight5.1
23	whitelist ${HOME}/.config/pipelight-widevine
24	whitelist ${HOME}/.keysnail.js
25	whitelist ${HOME}/.lastpass
26	whitelist ${HOME}/.mozilla	14	whitelist ${HOME}/.mozilla
27	whitelist ${HOME}/.pentadactyl
28	whitelist ${HOME}/.pentadactylrc
29	whitelist ${HOME}/.pki
30	whitelist ${HOME}/.vimperator
31	whitelist ${HOME}/.vimperatorrc
32	whitelist ${HOME}/.wine-pipelight
33	whitelist ${HOME}/.wine-pipelight64
34	whitelist ${HOME}/.zotero
35	whitelist ${HOME}/dwhelper
36	include /etc/firejail/whitelist-common.inc
37		15
38	caps.drop all	16	# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,abrowser,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
39	netfilter	17
40	nodvd
41	nonewprivs
42	noroot
43	notv
44	protocol unix,inet,inet6,netlink
45	seccomp
46	tracelog
47		18
48	# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse	19	# Redirect
		20	include /etc/firejail/firefox-common.profile