author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-05-19 12:00:23 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-05-29 09:34:57 +0200 |
commit | 459a186b2219d9c5e2c1b5e0fc82018f42a8e14e (patch) | |
tree | 309333f7ff26afb5aa76e2fafdc1909a5355372a /etc/profile-a-l | |
parent | reorganizing youtube-viewers (#4128) (diff) | |
download | firejail-459a186b2219d9c5e2c1b5e0fc82018f42a8e14e.tar.gz firejail-459a186b2219d9c5e2c1b5e0fc82018f42a8e14e.tar.zst firejail-459a186b2219d9c5e2c1b5e0fc82018f42a8e14e.zip |
Restrict /usr/libexec
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/0ad.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/apostrophe.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/bijiben.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/celluloid.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-browser-privacy.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/eo-common.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/etr.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/evince.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/file-roller.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/firefox.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/frogatto.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gapplication.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gfeeds.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-maps.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-passwordsafe.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/keepassxc.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/libreoffice.profile | 2 |
17 files changed, 28 insertions, 0 deletions
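--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -10,6 +10,8 @@ noblacklist ${HOME}/.cache/0ad
 noblacklist ${HOME}/.config/0ad
 noblacklist ${HOME}/.local/share/0ad
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc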
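Review bot: The added `blacklist /usr/libexec` line carries no comment, and it denies a whole system directory whose contents differ between distributions, so a maintainer cannot tell from the profile whether it is deliberate hardening or something to relax when a helper fails to start. A short comment above it would help, for example `# No helper from /usr/libexec is expected to be needed; add 'noblacklist /usr/libexec' to 0ad.local if your distribution differs`. That override works only because firejail honours a `noblacklist` read before the matching `blacklist`, and the `include 0ad.local` line it relies on is outside the hunk, so confirm it sits above the new rule. The same applies to the identical line added in celluloid, chromium-browser-privacy, eo-common, etr, evince, firefox, gapplication, gnome-maps, gnome-passwordsafe, keepassxc and libreoffice.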
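--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -31,6 +31,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/apostrophe
 whitelist /usr/share/texlive
 whitelist /usr/share/texmf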
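Review bot: The added `whitelist /usr/libexec/webkit2gtk-4.0` pins one WebKitGTK API version, and once any path under /usr/libexec is whitelisted the rest of that directory is no longer visible in the sandbox, so a build of the application against a different WebKitGTK API version would presumably fail to start its web process. The same literal path is added in bijiben.profile and gfeeds.profile. A comment on each such as `# WebKitGTK helper processes; adjust when the application moves to another webkit2gtk API version`, or one shared include carrying the line, would keep the three in step. This is inferred from the path name only, and the rest of the profile is outside the hunk.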
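--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/bijiben
 whitelist ${HOME}/.local/share/bijiben
 whitelist ${HOME}/.cache/tracker
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/bijiben
 whitelist /usr/share/tracker
 whitelist /usr/share/tracker3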
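--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -17,6 +17,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc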
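--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -6,6 +6,8 @@ include chromium-browser-privacy.local
 noblacklist ${HOME}/.cache/ungoogled-chromium
 noblacklist ${HOME}/.config/ungoogled-chromium
 
+blacklist /usr/libexec
+
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
 whitelist ${HOME}/.cache/ungoogled-chromium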
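--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc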
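--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -8,6 +8,8 @@ include globals.local
 
 noblacklist ${HOME}/.etr
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc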
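--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -13,6 +13,8 @@ include globals.local
 noblacklist ${HOME}/.config/evince
 noblacklist ${DOCUMENTS}
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc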
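--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,6 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/libexec/file-roller
 whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc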
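--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -17,6 +17,8 @@ include globals.local
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 
+blacklist /usr/libexec
+
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
 whitelist ${HOME}/.cache/mozilla/firefox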
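--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.frogatto
 whitelist ${HOME}/.frogatto
+whitelist /usr/libexec/frogatto
 whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc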
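--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -7,6 +7,7 @@ include gapplication.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc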
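--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -31,6 +31,7 @@ whitelist ${HOME}/.cache/gfeeds
 whitelist ${HOME}/.cache/org.gabmus.gfeeds
 whitelist ${HOME}/.config/org.gabmus.gfeeds.json
 whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc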
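--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -18,6 +18,8 @@ noblacklist ${HOME}/.local/share/maps-places.json
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc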
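--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -13,6 +13,8 @@ noblacklist ${HOME}/*.kdbx
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc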
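--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -22,6 +22,8 @@ noblacklist ${HOME}/.config/vivaldi
 noblacklist ${HOME}/.local/share/torbrowser
 noblacklist ${HOME}/.mozilla
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc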
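--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -14,6 +14,8 @@ noblacklist ${HOME}/.config/libreoffice
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc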