Unify all Chromium and Firefox based browser profiles as part of #1773

author: Tad <tad@spotco.us> 2018-02-11 15:27:30 -0500
committer: Tad <tad@spotco.us> 2018-02-11 16:50:52 -0500
commit: df2f568041fd926a217812523399b059bc888233 (patch)
tree: 462aefab783de40936af472d51f79518ca861d86 /etc/palemoon.profile
parent: update various application blacklists (diff)
download: firejail-df2f568041fd926a217812523399b059bc888233.tar.gz
firejail-df2f568041fd926a217812523399b059bc888233.tar.zst
firejail-df2f568041fd926a217812523399b059bc888233.zip
1 files changed, 3 insertions, 42 deletions
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1112a9bb7..e59f20e9d 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -8,53 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/moonchild productions/pale moon
 noblacklist ${HOME}/.moonchild productions/pale moon
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-# These are uncommented in the Firefox profile. If you run into trouble you may
-# want to uncomment (some of) them.
-#whitelist ${HOME}/dwhelper
-#whitelist ${HOME}/.zotero
-#whitelist ${HOME}/.vimperatorrc
-#whitelist ${HOME}/.vimperator
-#whitelist ${HOME}/.pentadactylrc
-#whitelist ${HOME}/.pentadactyl
-#whitelist ${HOME}/.keysnail.js
-#whitelist ${HOME}/.config/gnome-mplayer
-#whitelist ${HOME}/.cache/gnome-mplayer/plugin
-#whitelist ${HOME}/.pki
-#whitelist ${HOME}/.lastpass
-# For silverlight
-#whitelist ${HOME}/.wine-pipelight
-#whitelist ${HOME}/.wine-pipelight64
-#whitelist ${HOME}/.config/pipelight-widevine
-#whitelist ${HOME}/.config/pipelight-silverlight5.1
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
-include /etc/firejail/whitelist-common.inc
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 # private-bin palemoon
-# private-dev (disabled for now as it will interfere with webcam use in palemoon)
+# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,palemoon,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
 # private-opt palemoon
-private-tmp
-disable-mnt
+# Redirect
+include /etc/firejail/firefox-common.profile
author	Tad <tad@spotco.us>	2018-02-11 15:27:30 -0500
committer	Tad <tad@spotco.us>	2018-02-11 16:50:52 -0500
commit	df2f568041fd926a217812523399b059bc888233 (patch)
tree	462aefab783de40936af472d51f79518ca861d86 /etc/palemoon.profile
parent	update various application blacklists (diff)
download	firejail-df2f568041fd926a217812523399b059bc888233.tar.gz firejail-df2f568041fd926a217812523399b059bc888233.tar.zst firejail-df2f568041fd926a217812523399b059bc888233.zip

diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 1112a9bb7..e59f20e9d 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile
@@ -8,53 +8,14 @@ include /etc/firejail/globals.local
8	noblacklist ${HOME}/.cache/moonchild productions/pale moon	8	noblacklist ${HOME}/.cache/moonchild productions/pale moon
9	noblacklist ${HOME}/.moonchild productions/pale moon	9	noblacklist ${HOME}/.moonchild productions/pale moon
10		10
11	include /etc/firejail/disable-common.inc
12	include /etc/firejail/disable-devel.inc
13	include /etc/firejail/disable-programs.inc
14
15	# These are uncommented in the Firefox profile. If you run into trouble you may
16	# want to uncomment (some of) them.
17	#whitelist ${HOME}/dwhelper
18	#whitelist ${HOME}/.zotero
19	#whitelist ${HOME}/.vimperatorrc
20	#whitelist ${HOME}/.vimperator
21	#whitelist ${HOME}/.pentadactylrc
22	#whitelist ${HOME}/.pentadactyl
23	#whitelist ${HOME}/.keysnail.js
24	#whitelist ${HOME}/.config/gnome-mplayer
25	#whitelist ${HOME}/.cache/gnome-mplayer/plugin
26	#whitelist ${HOME}/.pki
27	#whitelist ${HOME}/.lastpass
28
29	# For silverlight
30	#whitelist ${HOME}/.wine-pipelight
31	#whitelist ${HOME}/.wine-pipelight64
32	#whitelist ${HOME}/.config/pipelight-widevine
33	#whitelist ${HOME}/.config/pipelight-silverlight5.1
34
35	mkdir ${HOME}/.cache/moonchild productions/pale moon	11	mkdir ${HOME}/.cache/moonchild productions/pale moon
36	mkdir ${HOME}/.moonchild productions	12	mkdir ${HOME}/.moonchild productions
37	whitelist ${DOWNLOADS}
38	whitelist ${HOME}/.cache/moonchild productions/pale moon	13	whitelist ${HOME}/.cache/moonchild productions/pale moon
39	whitelist ${HOME}/.moonchild productions	14	whitelist ${HOME}/.moonchild productions
40	include /etc/firejail/whitelist-common.inc
41
42	caps.drop all
43	netfilter
44	nodvd
45	nogroups
46	nonewprivs
47	noroot
48	notv
49	protocol unix,inet,inet6,netlink
50	seccomp
51	shell none
52	tracelog
53		15
54	# private-bin palemoon	16	# private-bin palemoon
55	# private-dev (disabled for now as it will interfere with webcam use in palemoon)	17	# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,palemoon,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
56	# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
57	# private-opt palemoon	18	# private-opt palemoon
58	private-tmp
59		19
60	disable-mnt	20	# Redirect
		21	include /etc/firejail/firefox-common.profile