author | Tad <tad@spotco.us> | 2018-02-11 15:27:30 -0500 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-02-11 16:50:52 -0500 |
commit | df2f568041fd926a217812523399b059bc888233 (patch) | |
tree | 462aefab783de40936af472d51f79518ca861d86 /etc/firefox-common.profile | |
parent | update various application blacklists (diff) | |
Unify all Chromium and Firefox based browser profiles as part of #1773
Diffstat (limited to 'etc/firefox-common.profile')
-rw-r--r-- | etc/firefox-common.profile | 85 |
1 files changed, 85 insertions, 0 deletions
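diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
new file mode 100644
index 000000000..962080c58
--- /dev/null
+++ b/etc/firefox-common.profile
@@ -0,0 +1,85 @@
+# Firejail profile for firefox-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/firefox-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp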
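Review bot: Line 51 whitelists `${HOME}/.local/share/gnome-shell/extensions` while the matching `noblacklist` on line 21 is commented out, so the two halves of the pair disagree. Depending on what the included `disable-common.inc` blacklists (not visible here), the whitelist entry is either dead or leaves that directory writable from inside the sandbox for every browser that includes this common profile, even though its contents are loaded by GNOME Shell outside the sandbox. I would comment it out to match line 21, `# whitelist ${HOME}/.local/share/gnome-shell/extensions`, with a one-line comment telling users to enable both lines locally if they need the GNOME Shell integration. The same question applies to `whitelist ${HOME}/.lastpass` on line 50, which presumably now reaches every derived browser profile rather than only the browsers that use it.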