diff options
author | Your Name <you@example.com> | 2017-09-19 18:48:37 -0400 |
---|---|---|
committer | Your Name <you@example.com> | 2017-09-19 18:48:37 -0400 |
commit | cbbfcfd59519c555c8e4a347bf0d4e20ab717cd5 (patch) | |
tree | e45042ed1ea7db24f79ea658cc626cd03a994952 /etc/cliqz.profile | |
parent | Merge pull request #1555 from SpotComms/upstream (diff) | |
download | firejail-cbbfcfd59519c555c8e4a347bf0d4e20ab717cd5.tar.gz firejail-cbbfcfd59519c555c8e4a347bf0d4e20ab717cd5.tar.zst firejail-cbbfcfd59519c555c8e4a347bf0d4e20ab717cd5.zip |
1 LIST
Diffstat (limited to 'etc/cliqz.profile')
-rw-r--r-- | etc/cliqz.profile | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/etc/cliqz.profile b/etc/cliqz.profile new file mode 100644 index 000000000..9c0f44e97 --- /dev/null +++ b/etc/cliqz.profile | |||
@@ -0,0 +1,83 @@ | |||
1 | # Firejail profile for firefox | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/firefox.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.cache/cliqz | ||
9 | noblacklist ~/.config/cliqz | ||
10 | noblacklist ~/.config/okularpartrc | ||
11 | noblacklist ~/.config/okularrc | ||
12 | noblacklist ~/.config/qpdfview | ||
13 | noblacklist ~/.kde/share/apps/okular | ||
14 | noblacklist ~/.kde/share/config/okularpartrc | ||
15 | noblacklist ~/.kde/share/config/okularrc | ||
16 | noblacklist ~/.kde4/share/apps/okular | ||
17 | noblacklist ~/.kde4/share/config/okularpartrc | ||
18 | noblacklist ~/.kde4/share/config/okularrc | ||
19 | noblacklist ~/.local/share/gnome-shell/extensions | ||
20 | noblacklist ~/.local/share/okular | ||
21 | noblacklist ~/.local/share/qpdfview | ||
22 | |||
23 | noblacklist ~/.pki | ||
24 | |||
25 | include /etc/firejail/disable-common.inc | ||
26 | include /etc/firejail/disable-devel.inc | ||
27 | include /etc/firejail/disable-programs.inc | ||
28 | |||
29 | mkdir ~/.cache/mozilla/firefox | ||
30 | mkdir ~/.mozilla | ||
31 | mkdir ~/.pki | ||
32 | whitelist ${DOWNLOADS} | ||
33 | whitelist ~/.cache/gnome-mplayer/plugin | ||
34 | whitelist ~/.cache/mozilla/firefox | ||
35 | whitelist ~/.config/gnome-mplayer | ||
36 | whitelist ~/.config/okularpartrc | ||
37 | whitelist ~/.config/okularrc | ||
38 | whitelist ~/.config/pipelight-silverlight5.1 | ||
39 | whitelist ~/.config/pipelight-widevine | ||
40 | whitelist ~/.config/qpdfview | ||
41 | whitelist ~/.kde/share/apps/okular | ||
42 | whitelist ~/.kde/share/config/okularpartrc | ||
43 | whitelist ~/.kde/share/config/okularrc | ||
44 | whitelist ~/.kde4/share/apps/okular | ||
45 | whitelist ~/.kde4/share/config/okularpartrc | ||
46 | whitelist ~/.kde4/share/config/okularrc | ||
47 | whitelist ~/.keysnail.js | ||
48 | whitelist ~/.lastpass | ||
49 | whitelist ~/.local/share/gnome-shell/extensions | ||
50 | whitelist ~/.local/share/okular | ||
51 | whitelist ~/.local/share/qpdfview | ||
52 | whitelist ~/.mozilla | ||
53 | whitelist ~/.pentadactyl | ||
54 | whitelist ~/.pentadactylrc | ||
55 | whitelist ~/.pki | ||
56 | whitelist ~/.vimperator | ||
57 | whitelist ~/.vimperatorrc | ||
58 | whitelist ~/.wine-pipelight | ||
59 | whitelist ~/.wine-pipelight64 | ||
60 | whitelist ~/.zotero | ||
61 | whitelist ~/dwhelper | ||
62 | include /etc/firejail/whitelist-common.inc | ||
63 | include /etc/firejail/whitelist-var-common.inc | ||
64 | |||
65 | caps.drop all | ||
66 | netfilter | ||
67 | nodvd | ||
68 | nogroups | ||
69 | nonewprivs | ||
70 | noroot | ||
71 | notv | ||
72 | protocol unix,inet,inet6,netlink | ||
73 | seccomp | ||
74 | shell none | ||
75 | tracelog | ||
76 | |||
77 | # private-bin firefox,which,sh,dbus-launch,dbus-send,env | ||
78 | private-dev | ||
79 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse | ||
80 | private-tmp | ||
81 | |||
82 | noexec ${HOME} | ||
83 | noexec /tmp | ||