added xapps && cleanup

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-05-07 14:20:03 +1000
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-05-07 14:20:03 +1000
commit: 78fbedbe1199ce7914c021c376bb5752439f8c62 (patch)
tree: 48967e3cec45f38d95075ec133d611c450f60b3b /etc
parent: test fixes (diff)
download: firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.tar.gz
firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.tar.zst
firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.zip
4 files changed, 56 insertions, 5 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 297d25bf2..1f3768693 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/stellarium
-blacklist ~/.kde/share/apps/okular
+blacklist ${HOME}/.config/atril
-blacklist ~/.kde/share/config/okularrc
+blacklist ${HOME}/.config/xreader
-blacklist ~/.kde/share/config/okularpartrc
+blacklist ${HOME}/.config/xviewer
-blacklist ~/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/okular
-blacklist ~/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde/share/config/okularpartrc
+blacklist ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/config/gwenviewrc
 # Media players
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/spotify
 blacklist ${HOME}/.config/vlc
+blacklist ${HOME}/.config/totem
+blacklist ${HOME}/.config/xplayer
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/0ad
 blacklist ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/xreader
 # share
 blacklist ${HOME}/.local/share/epiphany
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/0ad
+blacklist ${HOME}/.local/share/xplayer
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
new file mode 100644
index 000000000..67a46a7da
--- /dev/null
+++ b/etc/xplayer.profile
@@ -0,0 +1,15 @@
+# Xplayer profile
+noblacklist ~/.config/xplayer
+noblacklist ~/.local/share/xplayer
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
diff --git a/etc/xreader.profile b/etc/xreader.profile
new file mode 100644
index 000000000..7b72d41a6
--- /dev/null
+++ b/etc/xreader.profile
@@ -0,0 +1,16 @@
+# Xreader profile
+noblacklist ~/.config/xreader
+noblacklist ~/.cache/xreader
+noblacklist ~/.local/share
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
new file mode 100644
index 000000000..33e1e3c68
--- /dev/null
+++ b/etc/xviewer.profile
@@ -0,0 +1,13 @@
+noblacklist ~/.config/xviewer
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-05-07 14:20:03 +1000
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-05-07 14:20:03 +1000
commit	78fbedbe1199ce7914c021c376bb5752439f8c62 (patch)
tree	48967e3cec45f38d95075ec133d611c450f60b3b /etc
parent	test fixes (diff)
download	firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.tar.gz firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.tar.zst firejail-78fbedbe1199ce7914c021c376bb5752439f8c62.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 297d25bf2..1f3768693 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet
12	blacklist ${HOME}/.config/Gpredict	12	blacklist ${HOME}/.config/Gpredict
13	blacklist ${HOME}/.config/aweather	13	blacklist ${HOME}/.config/aweather
14	blacklist ${HOME}/.config/stellarium	14	blacklist ${HOME}/.config/stellarium
15	blacklist ~/.kde/share/apps/okular	15	blacklist ${HOME}/.config/atril
16	blacklist ~/.kde/share/config/okularrc	16	blacklist ${HOME}/.config/xreader
17	blacklist ~/.kde/share/config/okularpartrc	17	blacklist ${HOME}/.config/xviewer
18	blacklist ~/.kde/share/apps/gwenview	18	blacklist ${HOME}/.kde/share/apps/okular
19	blacklist ~/.kde/share/config/gwenviewrc	19	blacklist ${HOME}/.kde/share/config/okularrc
		20	blacklist ${HOME}/.kde/share/config/okularpartrc
		21	blacklist ${HOME}/.kde/share/apps/gwenview
		22	blacklist ${HOME}/.kde/share/config/gwenviewrc
20		23
21	# Media players	24	# Media players
22	blacklist ${HOME}/.config/cmus	25	blacklist ${HOME}/.config/cmus
23	blacklist ${HOME}/.config/deadbeef	26	blacklist ${HOME}/.config/deadbeef
24	blacklist ${HOME}/.config/spotify	27	blacklist ${HOME}/.config/spotify
25	blacklist ${HOME}/.config/vlc	28	blacklist ${HOME}/.config/vlc
		29	blacklist ${HOME}/.config/totem
		30	blacklist ${HOME}/.config/xplayer
26		31
27	# HTTP / FTP / Mail	32	# HTTP / FTP / Mail
28	blacklist ${HOME}/.icedove	33	blacklist ${HOME}/.icedove
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission
95	blacklist ${HOME}/.cache/wesnoth	100	blacklist ${HOME}/.cache/wesnoth
96	blacklist ${HOME}/.cache/0ad	101	blacklist ${HOME}/.cache/0ad
97	blacklist ${HOME}/.cache/8pecxstudios	102	blacklist ${HOME}/.cache/8pecxstudios
		103	blacklist ${HOME}/.cache/xreader
98		104
99	# share	105	# share
100	blacklist ${HOME}/.local/share/epiphany	106	blacklist ${HOME}/.local/share/epiphany
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify
103	blacklist ${HOME}/.local/share/steam	109	blacklist ${HOME}/.local/share/steam
104	blacklist ${HOME}/.local/share/wesnoth	110	blacklist ${HOME}/.local/share/wesnoth
105	blacklist ${HOME}/.local/share/0ad	111	blacklist ${HOME}/.local/share/0ad
		112	blacklist ${HOME}/.local/share/xplayer


diff --git a/etc/xplayer.profile b/etc/xplayer.profile new file mode 100644 index 000000000..67a46a7da --- /dev/null +++ b/etc/xplayer.profile
@@ -0,0 +1,15 @@
		1	# Xplayer profile
		2	noblacklist ~/.config/xplayer
		3	noblacklist ~/.local/share/xplayer
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	seccomp
		12	protocol unix,inet,inet6
		13	noroot
		14	tracelog
		15	netfilter


diff --git a/etc/xreader.profile b/etc/xreader.profile new file mode 100644 index 000000000..7b72d41a6 --- /dev/null +++ b/etc/xreader.profile
@@ -0,0 +1,16 @@
		1	# Xreader profile
		2	noblacklist ~/.config/xreader
		3	noblacklist ~/.cache/xreader
		4	noblacklist ~/.local/share
		5
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	caps.drop all
		12	seccomp
		13	protocol unix,inet,inet6
		14	noroot
		15	tracelog
		16	netfilter


diff --git a/etc/xviewer.profile b/etc/xviewer.profile new file mode 100644 index 000000000..33e1e3c68 --- /dev/null +++ b/etc/xviewer.profile
@@ -0,0 +1,13 @@
		1	noblacklist ~/.config/xviewer
		2
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	caps.drop all
		9	seccomp
		10	protocol unix,inet,inet6
		11	noroot
		12	tracelog
		13	netfilter