diff options
| author |  Tad <tad@spotco.us> | 2017-09-22 08:42:52 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-09-22 08:42:52 -0400 |
| commit | 04adc450151cc5107098ef2f555ad526ac9f632e (patch) | |
| tree | ce43807c66368539ffba1630ccedb0819cbc12dc /etc | |
| parent | Fixup merge of #1565 (diff) | |
| download | firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.gz firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.zst firejail-04adc450151cc5107098ef2f555ad526ac9f632e.zip | |
Further fixup #1565 and add a profile for uefitool
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/bluefish.profile | 4 | ||||
| -rw-r--r-- | etc/cliqz.profile | 4 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 3 | ||||
| -rw-r--r-- | etc/pinta.profile | 12 | ||||
| -rw-r--r-- | etc/uefitool.profile | 33 |
5 files changed, 47 insertions, 9 deletions
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index a0bceabbe..f18dea296 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
| @@ -1,11 +1,10 @@ | |||
| 1 | # Firejail profile for pluma | 1 | # Firejail profile for bluefish |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/pluma.local | 4 | include /etc/firejail/pluma.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/pluma | ||
| 9 | 8 | ||
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| @@ -29,7 +28,6 @@ tracelog | |||
| 29 | 28 | ||
| 30 | private-bin bluefish | 29 | private-bin bluefish |
| 31 | private-dev | 30 | private-dev |
| 32 | # private-etc fonts | ||
| 33 | private-tmp | 31 | private-tmp |
| 34 | 32 | ||
| 35 | noexec ${HOME} | 33 | noexec ${HOME} |
diff --git a/etc/cliqz.profile b/etc/cliqz.profile index 9c0f44e97..a7c791a02 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | # Firejail profile for firefox | 1 | # Firejail profile for cliqz |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/firefox.local | 4 | include /etc/firejail/cliqz.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 615e28172..ad589890c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -81,6 +81,7 @@ blacklist ${HOME}/.config/chromium | |||
| 81 | blacklist ${HOME}/.config/chromium-dev | 81 | blacklist ${HOME}/.config/chromium-dev |
| 82 | blacklist ${HOME}/.config/chromium-flags.conf | 82 | blacklist ${HOME}/.config/chromium-flags.conf |
| 83 | blacklist ${HOME}/.config/clipit | 83 | blacklist ${HOME}/.config/clipit |
| 84 | blacklist ${HOME}/.config/cliqz | ||
| 84 | blacklist ${HOME}/.config/cmus | 85 | blacklist ${HOME}/.config/cmus |
| 85 | blacklist ${HOME}/.config/corebird | 86 | blacklist ${HOME}/.config/corebird |
| 86 | blacklist ${HOME}/.config/darktable | 87 | blacklist ${HOME}/.config/darktable |
| @@ -142,6 +143,7 @@ blacklist ${HOME}/.config/opera-beta | |||
| 142 | blacklist ${HOME}/.config/orage | 143 | blacklist ${HOME}/.config/orage |
| 143 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 144 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
| 144 | blacklist ${HOME}/.config/pcmanfm | 145 | blacklist ${HOME}/.config/pcmanfm |
| 146 | blacklist ${HOME}/.config/Pinta | ||
| 145 | blacklist ${HOME}/.config/pix | 147 | blacklist ${HOME}/.config/pix |
| 146 | blacklist ${HOME}/.config/pluma | 148 | blacklist ${HOME}/.config/pluma |
| 147 | blacklist ${HOME}/.config/psi+ | 149 | blacklist ${HOME}/.config/psi+ |
| @@ -408,6 +410,7 @@ blacklist ${HOME}/.cache/calibre | |||
| 408 | blacklist ${HOME}/.cache/champlain | 410 | blacklist ${HOME}/.cache/champlain |
| 409 | blacklist ${HOME}/.cache/chromium | 411 | blacklist ${HOME}/.cache/chromium |
| 410 | blacklist ${HOME}/.cache/chromium-dev | 412 | blacklist ${HOME}/.cache/chromium-dev |
| 413 | blacklist ${HOME}/.cache/cliqz | ||
| 411 | blacklist ${HOME}/.cache/darktable | 414 | blacklist ${HOME}/.cache/darktable |
| 412 | blacklist ${HOME}/.cache/epiphany | 415 | blacklist ${HOME}/.cache/epiphany |
| 413 | blacklist ${HOME}/.cache/evolution | 416 | blacklist ${HOME}/.cache/evolution |
diff --git a/etc/pinta.profile b/etc/pinta.profile index 2562e1b80..4228e5880 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
| @@ -1,15 +1,21 @@ | |||
| 1 | # Firejail profile for krita | 1 | # Firejail profile for pinta |
| 2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include /etc/firejail/krita.local | 4 | include /etc/firejail/pinta.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.config/Pinta | ||
| 10 | |||
| 8 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 12 | 15 | ||
| 16 | whitelist ${HOME}/.config/Pinta | ||
| 17 | include /etc/firejail/whitelist-common.inc | ||
| 18 | |||
| 13 | caps.drop all | 19 | caps.drop all |
| 14 | ipc-namespace | 20 | ipc-namespace |
| 15 | net none | 21 | net none |
| @@ -27,7 +33,5 @@ shell none | |||
| 27 | private-dev | 33 | private-dev |
| 28 | private-tmp | 34 | private-tmp |
| 29 | 35 | ||
| 30 | |||
| 31 | whitelist ~/.config/Pinta | ||
| 32 | noexec ${HOME} | 36 | noexec ${HOME} |
| 33 | noexec /tmp | 37 | noexec /tmp |
diff --git a/etc/uefitool.profile b/etc/uefitool.profile new file mode 100644 index 000000000..138f69aa8 --- /dev/null +++ b/etc/uefitool.profile | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | # Firejail profile for uefitool | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | # Persistent local customizations | ||
| 4 | include /etc/firejail/uefitool.local | ||
| 5 | # Persistent global definitions | ||
| 6 | include /etc/firejail/globals.local | ||
| 7 | |||
| 8 | |||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-devel.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | ||
| 13 | |||
| 14 | caps.drop all | ||
| 15 | ipc-namespace | ||
| 16 | net none | ||
| 17 | no3d | ||
| 18 | nodvd | ||
| 19 | nogroups | ||
| 20 | nonewprivs | ||
| 21 | noroot | ||
| 22 | nosound | ||
| 23 | notv | ||
| 24 | novideo | ||
| 25 | protocol unix | ||
| 26 | seccomp | ||
| 27 | shell none | ||
| 28 | |||
| 29 | private-dev | ||
| 30 | private-tmp | ||
| 31 | |||
| 32 | noexec ${HOME} | ||
| 33 | noexec /tmp | ||