summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2018-04-04 14:31:28 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2018-04-04 14:31:28 +0200
commit5b841b615dcec9bd93168f3061be68dbdb35e708 (patch)
tree4794d7641149dbf40fbc6d49be5ca83b4f2c6cff /etc
parentdeprecated --git-install and --git-uninstall (diff)
downloadfirejail-5b841b615dcec9bd93168f3061be68dbdb35e708.tar.gz
firejail-5b841b615dcec9bd93168f3061be68dbdb35e708.tar.zst
firejail-5b841b615dcec9bd93168f3061be68dbdb35e708.zip
fix a0502dc5144185b6d346e92944e3359a833d2378, various enhancements
Diffstat (limited to 'etc')
-rw-r--r--etc/basilisk.profile50
-rw-r--r--etc/dex2jar.profile6
-rw-r--r--etc/disable-common.inc3
-rw-r--r--etc/disable-programs.inc2
-rw-r--r--etc/display.profile6
-rw-r--r--etc/kate.profile2
-rw-r--r--etc/kmail.profile1
-rw-r--r--etc/knotes.profile11
-rw-r--r--etc/palemoon.profile1
9 files changed, 16 insertions, 66 deletions
diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index c13be364b..ac7f30c04 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -8,54 +8,16 @@ include /etc/firejail/globals.local
8noblacklist ${HOME}/.cache/moonchild productions/basilisk 8noblacklist ${HOME}/.cache/moonchild productions/basilisk
9noblacklist ${HOME}/.moonchild productions/basilisk 9noblacklist ${HOME}/.moonchild productions/basilisk
10 10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-interpreters.inc
14include /etc/firejail/disable-programs.inc
15
16# These are uncommented in the Firefox profile. If you run into trouble you may
17# want to uncomment (some of) them.
18#whitelist ${HOME}/dwhelper
19#whitelist ${HOME}/.zotero
20#whitelist ${HOME}/.vimperatorrc
21#whitelist ${HOME}/.vimperator
22#whitelist ${HOME}/.pentadactylrc
23#whitelist ${HOME}/.pentadactyl
24#whitelist ${HOME}/.keysnail.js
25#whitelist ${HOME}/.config/gnome-mplayer
26#whitelist ${HOME}/.cache/gnome-mplayer/plugin
27#whitelist ${HOME}/.pki
28#whitelist ${HOME}/.lastpass
29
30# For silverlight
31#whitelist ${HOME}/.wine-pipelight
32#whitelist ${HOME}/.wine-pipelight64
33#whitelist ${HOME}/.config/pipelight-widevine
34#whitelist ${HOME}/.config/pipelight-silverlight5.1
35
36mkdir ${HOME}/.cache/moonchild productions/basilisk 11mkdir ${HOME}/.cache/moonchild productions/basilisk
37mkdir ${HOME}/.moonchild productions 12mkdir ${HOME}/.moonchild productions
38whitelist ${DOWNLOADS} 13whitelist ${DOWNLOADS}
39whitelist ${HOME}/.cache/moonchild productions/basilisk 14whitelist ${HOME}/.cache/moonchild productions/basilisk
40whitelist ${HOME}/.moonchild productions 15whitelist ${HOME}/.moonchild productions
41include /etc/firejail/whitelist-common.inc
42
43caps.drop all
44netfilter
45nodvd
46nogroups
47nonewprivs
48noroot
49notv
50protocol unix,inet,inet6,netlink
51seccomp
52shell none
53tracelog
54 16
55# private-bin basilisk 17#private-bin basilisk
56# private-dev (disabled for now as it will interfere with webcam use in basilisk) 18# private-etc must first be enabled in firefox-common.profile
57# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse 19#private-etc basilisk
58# private-opt basilisk 20#private-opt basilisk
59private-tmp
60 21
61disable-mnt 22# Redirect
23include /etc/firejail/firefox-common.profile
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index f01675186..0634c0eaf 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -12,12 +12,6 @@ noblacklist /usr/lib/java
12noblacklist /etc/java 12noblacklist /etc/java
13noblacklist /usr/share/java 13noblacklist /usr/share/java
14 14
15# Allow access to java
16noblacklist ${PATH}/java
17noblacklist /usr/lib/java
18noblacklist /etc/java
19noblacklist /usr/share/java
20
21include /etc/firejail/disable-common.inc 15include /etc/firejail/disable-common.inc
22include /etc/firejail/disable-devel.inc 16include /etc/firejail/disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 17include /etc/firejail/disable-interpreters.inc
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 0f605b933..c5c434186 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -48,6 +48,7 @@ read-only ${HOME}/.Xauthority
48# KDE config 48# KDE config
49blacklist ${HOME}/.config/khotkeysrc 49blacklist ${HOME}/.config/khotkeysrc
50blacklist ${HOME}/.config/krunnerrc 50blacklist ${HOME}/.config/krunnerrc
51blacklist ${HOME}/.config/kscreenlockerrc
51blacklist ${HOME}/.config/ksslcertificatemanager 52blacklist ${HOME}/.config/ksslcertificatemanager
52blacklist ${HOME}/.config/kwinrc 53blacklist ${HOME}/.config/kwinrc
53blacklist ${HOME}/.config/kwinrulesrc 54blacklist ${HOME}/.config/kwinrulesrc
@@ -59,6 +60,7 @@ blacklist ${HOME}/.kde/share/apps/plasma
59blacklist ${HOME}/.kde/share/apps/solid 60blacklist ${HOME}/.kde/share/apps/solid
60blacklist ${HOME}/.kde/share/config/khotkeysrc 61blacklist ${HOME}/.kde/share/config/khotkeysrc
61blacklist ${HOME}/.kde/share/config/krunnerrc 62blacklist ${HOME}/.kde/share/config/krunnerrc
63blacklist ${HOME}/.kde/share/config/kscreensaverrc
62blacklist ${HOME}/.kde/share/config/ksslcertificatemanager 64blacklist ${HOME}/.kde/share/config/ksslcertificatemanager
63blacklist ${HOME}/.kde/share/config/kwinrc 65blacklist ${HOME}/.kde/share/config/kwinrc
64blacklist ${HOME}/.kde/share/config/kwinrulesrc 66blacklist ${HOME}/.kde/share/config/kwinrulesrc
@@ -68,6 +70,7 @@ blacklist ${HOME}/.kde4/share/apps/plasma
68blacklist ${HOME}/.kde4/share/apps/solid 70blacklist ${HOME}/.kde4/share/apps/solid
69blacklist ${HOME}/.kde4/share/config/khotkeysrc 71blacklist ${HOME}/.kde4/share/config/khotkeysrc
70blacklist ${HOME}/.kde4/share/config/krunnerrc 72blacklist ${HOME}/.kde4/share/config/krunnerrc
73blacklist ${HOME}/.kde4/share/config/kscreensaverrc
71blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager 74blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager
72blacklist ${HOME}/.kde4/share/config/kwinrc 75blacklist ${HOME}/.kde4/share/config/kwinrc
73blacklist ${HOME}/.kde4/share/config/kwinrulesrc 76blacklist ${HOME}/.kde4/share/config/kwinrulesrc
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index c40935e15..38b66f175 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -48,6 +48,7 @@ blacklist ${HOME}/.config/Cryptocat
48blacklist ${HOME}/.config/Franz 48blacklist ${HOME}/.config/Franz
49blacklist ${HOME}/.config/FreeCAD 49blacklist ${HOME}/.config/FreeCAD
50blacklist ${HOME}/.config/Fritzing 50blacklist ${HOME}/.config/Fritzing
51blacklist ${HOME}/.config/GIMP
51blacklist ${HOME}/.config/Gitter 52blacklist ${HOME}/.config/Gitter
52blacklist ${HOME}/.config/Google 53blacklist ${HOME}/.config/Google
53blacklist ${HOME}/.config/Google Play Music Desktop Player 54blacklist ${HOME}/.config/Google Play Music Desktop Player
@@ -149,6 +150,7 @@ blacklist ${HOME}/.config/kdenliverc
149blacklist ${HOME}/.config/kgetrc 150blacklist ${HOME}/.config/kgetrc
150blacklist ${HOME}/.config/klipperrc 151blacklist ${HOME}/.config/klipperrc
151blacklist ${HOME}/.config/kmail2rc 152blacklist ${HOME}/.config/kmail2rc
153blacklist ${HOME}/.config/kmailsearchindexingrc
152blacklist ${HOME}/.config/kritarc 154blacklist ${HOME}/.config/kritarc
153blacklist ${HOME}/.config/kwriterc 155blacklist ${HOME}/.config/kwriterc
154blacklist ${HOME}/.config/kdeconnect 156blacklist ${HOME}/.config/kdeconnect
diff --git a/etc/display.profile b/etc/display.profile
index ca776a5d1..01196f5ac 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -11,12 +11,6 @@ noblacklist ${PATH}/python3*
11noblacklist /usr/lib/python2* 11noblacklist /usr/lib/python2*
12noblacklist /usr/lib/python3* 12noblacklist /usr/lib/python3*
13 13
14# Allow python (blacklisted by disable-interpreters.inc)
15noblacklist ${PATH}/python2*
16noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3*
19
20include /etc/firejail/disable-common.inc 14include /etc/firejail/disable-common.inc
21include /etc/firejail/disable-devel.inc 15include /etc/firejail/disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 16include /etc/firejail/disable-interpreters.inc
diff --git a/etc/kate.profile b/etc/kate.profile
index 7408ee0ef..240bdb62a 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -15,7 +15,7 @@ noblacklist ${HOME}/.local/share/kate
15 15
16include /etc/firejail/disable-common.inc 16include /etc/firejail/disable-common.inc
17# include /etc/firejail/disable-devel.inc 17# include /etc/firejail/disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18# include /etc/firejail/disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include /etc/firejail/disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include /etc/firejail/disable-programs.inc
21 21
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 748780218..202faeb16 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.config/baloorc
15noblacklist ${HOME}/.config/emaildefaults 15noblacklist ${HOME}/.config/emaildefaults
16noblacklist ${HOME}/.config/emailidentities 16noblacklist ${HOME}/.config/emailidentities
17noblacklist ${HOME}/.config/kmail2rc 17noblacklist ${HOME}/.config/kmail2rc
18noblacklist ${HOME}/.config/kmailsearchindexingrc
18noblacklist ${HOME}/.config/mailtransports 19noblacklist ${HOME}/.config/mailtransports
19noblacklist ${HOME}/.config/specialmailcollectionsrc 20noblacklist ${HOME}/.config/specialmailcollectionsrc
20noblacklist ${HOME}/.gnupg 21noblacklist ${HOME}/.gnupg
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 35e2699bd..4bbbd332d 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -5,15 +5,8 @@ include /etc/firejail/knotes.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.config/akonadi* 8# knotes has problems launching akonadi in debian and ubuntu.
9noblacklist ${HOME}/.config/knotesrc 9# one solution is to have akonadi already running when knotes is started
10noblacklist ${HOME}/.local/share/akonadi/*
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc
17 10
18noblacklist ${HOME}/.config/knotesrc 11noblacklist ${HOME}/.config/knotesrc
19noblacklist ${HOME}/.local/share/knotes 12noblacklist ${HOME}/.local/share/knotes
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index ff7087e55..c59ef9126 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.moonchild productions/pale moon
10 10
11mkdir ${HOME}/.cache/moonchild productions/pale moon 11mkdir ${HOME}/.cache/moonchild productions/pale moon
12mkdir ${HOME}/.moonchild productions 12mkdir ${HOME}/.moonchild productions
13whitelist ${DOWNLOADS}
13whitelist ${HOME}/.cache/moonchild productions/pale moon 14whitelist ${HOME}/.cache/moonchild productions/pale moon
14whitelist ${HOME}/.moonchild productions 15whitelist ${HOME}/.moonchild productions
15 16
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-04 15:46:01 +0000