Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/icecat.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 31 insertions, 35 deletions
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 600263a2a..b8b267dff 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,53 +1,49 @@
-# Persistent global definitions go here
+# Firejail profile for icecat
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/icecat.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-# Firejail profile for GNU Icecat
-noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
+noblacklist ~/.mozilla
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
-caps.drop all
-netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
-whitelist ${DOWNLOADS}
-mkdir ~/.mozilla
-whitelist ~/.mozilla
 mkdir ~/.cache/mozilla/icecat
+mkdir ~/.mozilla
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.cache/mozilla/icecat
-whitelist ~/dwhelper
-whitelist ~/.zotero
-whitelist ~/.vimperatorrc
-whitelist ~/.vimperator
-whitelist ~/.pentadactylrc
-whitelist ~/.pentadactyl
-whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
-whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.pki
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.keysnail.js
 whitelist ~/.lastpass
+whitelist ~/.mozilla
-# silverlight
+whitelist ~/.pentadactyl
+whitelist ~/.pentadactylrc
+whitelist ~/.pki
+whitelist ~/.vimperator
+whitelist ~/.vimperatorrc
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
-whitelist ~/.config/pipelight-widevine
+whitelist ~/.zotero
-whitelist ~/.config/pipelight-silverlight5.1
+whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
-# experimental features
+caps.drop all
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
 noexec ${HOME}
 noexec /tmp
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/icecat.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/icecat.profile b/etc/icecat.profile index 600263a2a..b8b267dff 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile
@@ -1,53 +1,49 @@
1	# Persistent global definitions go here	1	# Firejail profile for icecat
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/icecat.local	4	include /etc/firejail/icecat.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# Firejail profile for GNU Icecat
9	noblacklist ~/.mozilla
10	noblacklist ~/.cache/mozilla	8	noblacklist ~/.cache/mozilla
		9	noblacklist ~/.mozilla
11	noblacklist ~/.pki	10	noblacklist ~/.pki
		11
12	include /etc/firejail/disable-common.inc	12	include /etc/firejail/disable-common.inc
13	include /etc/firejail/disable-programs.inc
14	include /etc/firejail/disable-devel.inc	13	include /etc/firejail/disable-devel.inc
		14	include /etc/firejail/disable-programs.inc
15		15
16	caps.drop all
17	netfilter
18	nonewprivs
19	noroot
20	protocol unix,inet,inet6,netlink
21	seccomp
22	tracelog
23
24	whitelist ${DOWNLOADS}
25	mkdir ~/.mozilla
26	whitelist ~/.mozilla
27	mkdir ~/.cache/mozilla/icecat	16	mkdir ~/.cache/mozilla/icecat
		17	mkdir ~/.mozilla
		18	whitelist ${DOWNLOADS}
		19	whitelist ~/.cache/gnome-mplayer/plugin
28	whitelist ~/.cache/mozilla/icecat	20	whitelist ~/.cache/mozilla/icecat
29	whitelist ~/dwhelper
30	whitelist ~/.zotero
31	whitelist ~/.vimperatorrc
32	whitelist ~/.vimperator
33	whitelist ~/.pentadactylrc
34	whitelist ~/.pentadactyl
35	whitelist ~/.keysnail.js
36	whitelist ~/.config/gnome-mplayer	21	whitelist ~/.config/gnome-mplayer
37	whitelist ~/.cache/gnome-mplayer/plugin	22	whitelist ~/.config/pipelight-silverlight5.1
38	whitelist ~/.pki	23	whitelist ~/.config/pipelight-widevine
		24	whitelist ~/.keysnail.js
39	whitelist ~/.lastpass	25	whitelist ~/.lastpass
40		26	whitelist ~/.mozilla
41	# silverlight	27	whitelist ~/.pentadactyl
		28	whitelist ~/.pentadactylrc
		29	whitelist ~/.pki
		30	whitelist ~/.vimperator
		31	whitelist ~/.vimperatorrc
42	whitelist ~/.wine-pipelight	32	whitelist ~/.wine-pipelight
43	whitelist ~/.wine-pipelight64	33	whitelist ~/.wine-pipelight64
44	whitelist ~/.config/pipelight-widevine	34	whitelist ~/.zotero
45	whitelist ~/.config/pipelight-silverlight5.1	35	whitelist ~/dwhelper
46
47	include /etc/firejail/whitelist-common.inc	36	include /etc/firejail/whitelist-common.inc
48		37
49	# experimental features	38	caps.drop all
50	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse	39	netfilter
		40	nonewprivs
		41	noroot
		42	protocol unix,inet,inet6,netlink
		43	seccomp
		44	tracelog
		45
		46	# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
51		47
52	noexec ${HOME}	48	noexec ${HOME}
53	noexec /tmp	49	noexec /tmp