Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/firefox.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 47 insertions, 51 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile
index aff6e8334..8d48a4704 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -1,77 +1,73 @@
-# Persistent global definitions go here
+# Firejail profile for firefox
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/firefox.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
-noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
+noblacklist ~/.config/okularpartrc
+noblacklist ~/.config/okularrc
 noblacklist ~/.config/qpdfview
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.local/share/okular
-noblacklist ~/.config/okularpartrc
+noblacklist ~/.local/share/qpdfview
-noblacklist ~/.config/okularrc
+noblacklist ~/.mozilla
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
-caps.drop all
-# ipc-namespace crashes firefox on some setups
-netfilter
-nogroups
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
-whitelist ${DOWNLOADS}
-mkdir ~/.mozilla
-whitelist ~/.mozilla
 mkdir ~/.cache/mozilla/firefox
+mkdir ~/.mozilla
+mkdir ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.cache/mozilla/firefox
-whitelist ~/dwhelper
-whitelist ~/.zotero
-whitelist ~/.vimperatorrc
-whitelist ~/.vimperator
-whitelist ~/.pentadactylrc
-whitelist ~/.pentadactyl
-whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
-whitelist ~/.cache/gnome-mplayer/plugin
-mkdir ~/.pki
-whitelist ~/.pki
-whitelist ~/.lastpass
-whitelist ~/.config/qpdfview
-whitelist ~/.local/share/qpdfview
-whitelist ~/.config/okularrc
 whitelist ~/.config/okularpartrc
-whitelist ~/.kde4/share/apps/okular
+whitelist ~/.config/okularrc
+whitelist ~/.config/pipelight-silverlight5.1
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/qpdfview
 whitelist ~/.kde/share/apps/okular
+whitelist ~/.kde4/share/apps/okular
+whitelist ~/.keysnail.js
+whitelist ~/.lastpass
 whitelist ~/.local/share/okular
+whitelist ~/.local/share/qpdfview
-# silverlight
+whitelist ~/.mozilla
+whitelist ~/.pentadactyl
+whitelist ~/.pentadactylrc
+whitelist ~/.pki
+whitelist ~/.vimperator
+whitelist ~/.vimperatorrc
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
-whitelist ~/.config/pipelight-widevine
+whitelist ~/.zotero
-whitelist ~/.config/pipelight-silverlight5.1
+whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
-# experimental features
+caps.drop all
-#private-bin firefox,which,sh,dbus-launch,dbus-send,env
+netfilter
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+nogroups
-# private-dev might prevent video calls going out
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+# private-bin firefox,which,sh,dbus-launch,dbus-send,env
 private-dev
+# private-dev might prevent video calls going out
+# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-tmp
-#disable-mnt
 noexec ${HOME}
 noexec /tmp
+# CLOBBERED COMMENTS
+# disable-mnt
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/firefox.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/firefox.profile b/etc/firefox.profile index aff6e8334..8d48a4704 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -1,77 +1,73 @@
1	# Persistent global definitions go here	1	# Firejail profile for firefox
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/firefox.local	4	include /etc/firejail/firefox.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
9	noblacklist ~/.mozilla
10	noblacklist ~/.cache/mozilla	8	noblacklist ~/.cache/mozilla
		9	noblacklist ~/.config/okularpartrc
		10	noblacklist ~/.config/okularrc
11	noblacklist ~/.config/qpdfview	11	noblacklist ~/.config/qpdfview
12	noblacklist ~/.local/share/qpdfview
13	noblacklist ~/.kde4/share/apps/okular
14	noblacklist ~/.kde/share/apps/okular	12	noblacklist ~/.kde/share/apps/okular
		13	noblacklist ~/.kde4/share/apps/okular
15	noblacklist ~/.local/share/okular	14	noblacklist ~/.local/share/okular
16	noblacklist ~/.config/okularpartrc	15	noblacklist ~/.local/share/qpdfview
17	noblacklist ~/.config/okularrc	16	noblacklist ~/.mozilla
18	noblacklist ~/.pki	17	noblacklist ~/.pki
19		18
20	include /etc/firejail/disable-common.inc	19	include /etc/firejail/disable-common.inc
21	include /etc/firejail/disable-programs.inc
22	include /etc/firejail/disable-devel.inc	20	include /etc/firejail/disable-devel.inc
		21	include /etc/firejail/disable-programs.inc
23		22
24	caps.drop all
25	# ipc-namespace crashes firefox on some setups
26	netfilter
27	nogroups
28	nonewprivs
29	noroot
30	protocol unix,inet,inet6,netlink
31	seccomp
32	shell none
33	tracelog
34
35	whitelist ${DOWNLOADS}
36	mkdir ~/.mozilla
37	whitelist ~/.mozilla
38	mkdir ~/.cache/mozilla/firefox	23	mkdir ~/.cache/mozilla/firefox
		24	mkdir ~/.mozilla
		25	mkdir ~/.pki
		26	whitelist ${DOWNLOADS}
		27	whitelist ~/.cache/gnome-mplayer/plugin
39	whitelist ~/.cache/mozilla/firefox	28	whitelist ~/.cache/mozilla/firefox
40	whitelist ~/dwhelper
41	whitelist ~/.zotero
42	whitelist ~/.vimperatorrc
43	whitelist ~/.vimperator
44	whitelist ~/.pentadactylrc
45	whitelist ~/.pentadactyl
46	whitelist ~/.keysnail.js
47	whitelist ~/.config/gnome-mplayer	29	whitelist ~/.config/gnome-mplayer
48	whitelist ~/.cache/gnome-mplayer/plugin
49	mkdir ~/.pki
50	whitelist ~/.pki
51	whitelist ~/.lastpass
52	whitelist ~/.config/qpdfview
53	whitelist ~/.local/share/qpdfview
54	whitelist ~/.config/okularrc
55	whitelist ~/.config/okularpartrc	30	whitelist ~/.config/okularpartrc
56	whitelist ~/.kde4/share/apps/okular	31	whitelist ~/.config/okularrc
		32	whitelist ~/.config/pipelight-silverlight5.1
		33	whitelist ~/.config/pipelight-widevine
		34	whitelist ~/.config/qpdfview
57	whitelist ~/.kde/share/apps/okular	35	whitelist ~/.kde/share/apps/okular
		36	whitelist ~/.kde4/share/apps/okular
		37	whitelist ~/.keysnail.js
		38	whitelist ~/.lastpass
58	whitelist ~/.local/share/okular	39	whitelist ~/.local/share/okular
59		40	whitelist ~/.local/share/qpdfview
60	# silverlight	41	whitelist ~/.mozilla
		42	whitelist ~/.pentadactyl
		43	whitelist ~/.pentadactylrc
		44	whitelist ~/.pki
		45	whitelist ~/.vimperator
		46	whitelist ~/.vimperatorrc
61	whitelist ~/.wine-pipelight	47	whitelist ~/.wine-pipelight
62	whitelist ~/.wine-pipelight64	48	whitelist ~/.wine-pipelight64
63	whitelist ~/.config/pipelight-widevine	49	whitelist ~/.zotero
64	whitelist ~/.config/pipelight-silverlight5.1	50	whitelist ~/dwhelper
65
66	include /etc/firejail/whitelist-common.inc	51	include /etc/firejail/whitelist-common.inc
67		52
68	# experimental features	53	caps.drop all
69	#private-bin firefox,which,sh,dbus-launch,dbus-send,env	54	netfilter
70	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse	55	nogroups
71	# private-dev might prevent video calls going out	56	nonewprivs
		57	noroot
		58	protocol unix,inet,inet6,netlink
		59	seccomp
		60	shell none
		61	tracelog
		62
		63	# private-bin firefox,which,sh,dbus-launch,dbus-send,env
72	private-dev	64	private-dev
		65	# private-dev might prevent video calls going out
		66	# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
73	private-tmp	67	private-tmp
74	#disable-mnt
75		68
76	noexec ${HOME}	69	noexec ${HOME}
77	noexec /tmp	70	noexec /tmp
		71
		72	# CLOBBERED COMMENTS
		73	# disable-mnt