Unify all Chromium and Firefox based browser profiles as part of #1773

1 files changed, 2 insertions, 75 deletions

diff --git a/etc/firefox.profile b/etc/firefox.profile
index 079cb1536..15ca094f1 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -6,90 +6,17 @@ include /etc/firejail/firefox.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/firefox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-# machine-id breaks pulse audio; it should work fine in setups where sound is not required
-#machine-id
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
-disable-mnt
 # firefox requires a shell to launch on Arch.
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
-private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 # private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
-private-tmp
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile