diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-03-21 12:57:38 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-03-21 12:57:38 -0400 |
| commit | e372c8ab0849b9d2ea4d6a3fa6027403a8acad98 (patch) | |
| tree | 7938359f84e9b776589f938f496c30b4d06be335 /etc | |
| parent | compile cleanup (diff) | |
| download | firejail-e372c8ab0849b9d2ea4d6a3fa6027403a8acad98.tar.gz firejail-e372c8ab0849b9d2ea4d6a3fa6027403a8acad98.tar.zst firejail-e372c8ab0849b9d2ea4d6a3fa6027403a8acad98.zip | |
Removed all .cache directory references from profile files. The directory is disabled by default - a tmpfs is mounted on top of it.
Diffstat (limited to 'etc')
45 files changed, 0 insertions, 154 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 84addc229..d4f06f732 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
| @@ -3,7 +3,6 @@ | |||
| 3 | include /etc/firejail/0ad.local | 3 | include /etc/firejail/0ad.local |
| 4 | 4 | ||
| 5 | # Firejail profile for 0ad. | 5 | # Firejail profile for 0ad. |
| 6 | noblacklist ~/.cache/0ad | ||
| 7 | noblacklist ~/.config/0ad | 6 | noblacklist ~/.config/0ad |
| 8 | noblacklist ~/.local/share/0ad | 7 | noblacklist ~/.local/share/0ad |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| @@ -12,9 +11,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
| 12 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| 13 | 12 | ||
| 14 | # Whitelists | 13 | # Whitelists |
| 15 | mkdir ~/.cache/0ad | ||
| 16 | whitelist ~/.cache/0ad | ||
| 17 | |||
| 18 | mkdir ~/.config/0ad | 14 | mkdir ~/.config/0ad |
| 19 | whitelist ~/.config/0ad | 15 | whitelist ~/.config/0ad |
| 20 | 16 | ||
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index b9a30d6bf..3b60750d5 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/abrowser.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Abrowser | 5 | # Firejail profile for Abrowser |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | noblacklist ~/.lastpass | 8 | noblacklist ~/.lastpass |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -22,8 +21,6 @@ tracelog | |||
| 22 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 23 | mkdir ~/.mozilla | 22 | mkdir ~/.mozilla |
| 24 | whitelist ~/.mozilla | 23 | whitelist ~/.mozilla |
| 25 | mkdir ~/.cache/mozilla/abrowser | ||
| 26 | whitelist ~/.cache/mozilla/abrowser | ||
| 27 | whitelist ~/dwhelper | 24 | whitelist ~/dwhelper |
| 28 | whitelist ~/.zotero | 25 | whitelist ~/.zotero |
| 29 | whitelist ~/.vimperatorrc | 26 | whitelist ~/.vimperatorrc |
| @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc | |||
| 32 | whitelist ~/.pentadactyl | 29 | whitelist ~/.pentadactyl |
| 33 | whitelist ~/.keysnail.js | 30 | whitelist ~/.keysnail.js |
| 34 | whitelist ~/.config/gnome-mplayer | 31 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 36 | whitelist ~/.pki | 32 | whitelist ~/.pki |
| 37 | whitelist ~/.lastpass | 33 | whitelist ~/.lastpass |
| 38 | 34 | ||
diff --git a/etc/chromium.profile b/etc/chromium.profile index 995c0001b..ce823e0db 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/chromium.local | |||
| 4 | 4 | ||
| 5 | # Chromium browser profile | 5 | # Chromium browser profile |
| 6 | noblacklist ~/.config/chromium | 6 | noblacklist ~/.config/chromium |
| 7 | noblacklist ~/.cache/chromium | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -18,8 +17,6 @@ netfilter | |||
| 18 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 19 | mkdir ~/.config/chromium | 18 | mkdir ~/.config/chromium |
| 20 | whitelist ~/.config/chromium | 19 | whitelist ~/.config/chromium |
| 21 | mkdir ~/.cache/chromium | ||
| 22 | whitelist ~/.cache/chromium | ||
| 23 | mkdir ~/.pki | 20 | mkdir ~/.pki |
| 24 | whitelist ~/.pki | 21 | whitelist ~/.pki |
| 25 | 22 | ||
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index a79303f77..d9896e4a7 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/cyberfox.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Cyberfox (based on Mozilla Firefox) | 5 | # Firejail profile for Cyberfox (based on Mozilla Firefox) |
| 6 | noblacklist ~/.8pecxstudios | 6 | noblacklist ~/.8pecxstudios |
| 7 | noblacklist ~/.cache/8pecxstudios | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | noblacklist ~/.lastpass | 8 | noblacklist ~/.lastpass |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -22,8 +21,6 @@ tracelog | |||
| 22 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 23 | mkdir ~/.8pecxstudios | 22 | mkdir ~/.8pecxstudios |
| 24 | whitelist ~/.8pecxstudios | 23 | whitelist ~/.8pecxstudios |
| 25 | mkdir ~/.cache/8pecxstudios | ||
| 26 | whitelist ~/.cache/8pecxstudios | ||
| 27 | whitelist ~/dwhelper | 24 | whitelist ~/dwhelper |
| 28 | whitelist ~/.zotero | 25 | whitelist ~/.zotero |
| 29 | whitelist ~/.vimperatorrc | 26 | whitelist ~/.vimperatorrc |
| @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc | |||
| 32 | whitelist ~/.pentadactyl | 29 | whitelist ~/.pentadactyl |
| 33 | whitelist ~/.keysnail.js | 30 | whitelist ~/.keysnail.js |
| 34 | whitelist ~/.config/gnome-mplayer | 31 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 36 | whitelist ~/.pki | 32 | whitelist ~/.pki |
| 37 | whitelist ~/.lastpass | 33 | whitelist ~/.lastpass |
| 38 | 34 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 06a519e9a..12f8a1755 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -17,44 +17,6 @@ blacklist ${HOME}/.arduino15 | |||
| 17 | blacklist ${HOME}/.atom | 17 | blacklist ${HOME}/.atom |
| 18 | blacklist ${HOME}/.audacity-data | 18 | blacklist ${HOME}/.audacity-data |
| 19 | blacklist ${HOME}/.bcast5 | 19 | blacklist ${HOME}/.bcast5 |
| 20 | blacklist ${HOME}/.cache/0ad | ||
| 21 | blacklist ${HOME}/.cache/8pecxstudios | ||
| 22 | blacklist ${HOME}/.cache/Franz | ||
| 23 | blacklist ${HOME}/.cache/INRIA | ||
| 24 | blacklist ${HOME}/.cache/QuiteRss | ||
| 25 | blacklist ${HOME}/.cache/champlain | ||
| 26 | blacklist ${HOME}/.cache/chromium | ||
| 27 | blacklist ${HOME}/.cache/qupzilla | ||
| 28 | blacklist ${HOME}/.cache/chromium-dev | ||
| 29 | blacklist ${HOME}/.cache/darktable | ||
| 30 | blacklist ${HOME}/.cache/epiphany | ||
| 31 | blacklist ${HOME}/.cache/evolution | ||
| 32 | blacklist ${HOME}/.cache/gajim | ||
| 33 | blacklist ${HOME}/.cache/geeqie | ||
| 34 | blacklist ${HOME}/.cache/google-chrome | ||
| 35 | blacklist ${HOME}/.cache/google-chrome-beta | ||
| 36 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
| 37 | blacklist ${HOME}/.cache/icedove | ||
| 38 | blacklist ${HOME}/.cache/inox | ||
| 39 | blacklist ${HOME}/.cache/libgweather | ||
| 40 | blacklist ${HOME}/.cache/midori | ||
| 41 | blacklist ${HOME}/.cache/mozilla | ||
| 42 | blacklist ${HOME}/.cache/mutt | ||
| 43 | blacklist ${HOME}/.cache/netsurf | ||
| 44 | blacklist ${HOME}/.cache/opera | ||
| 45 | blacklist ${HOME}/.cache/opera-beta | ||
| 46 | blacklist ${HOME}/.cache/org.gnome.Books | ||
| 47 | blacklist ${HOME}/.cache/qutebrowser | ||
| 48 | blacklist ${HOME}/.cache/simple-scan | ||
| 49 | blacklist ${HOME}/.cache/slimjet | ||
| 50 | blacklist ${HOME}/.cache/spotify | ||
| 51 | blacklist ${HOME}/.cache/telepathy | ||
| 52 | blacklist ${HOME}/.cache/thunderbird | ||
| 53 | blacklist ${HOME}/.cache/torbrowser | ||
| 54 | blacklist ${HOME}/.cache/transmission | ||
| 55 | blacklist ${HOME}/.cache/vivaldi | ||
| 56 | blacklist ${HOME}/.cache/wesnoth | ||
| 57 | blacklist ${HOME}/.cache/xreader | ||
| 58 | blacklist ${HOME}/.claws-mail | 20 | blacklist ${HOME}/.claws-mail |
| 59 | blacklist ${HOME}/.config/0ad | 21 | blacklist ${HOME}/.config/0ad |
| 60 | blacklist ${HOME}/.config/Atom | 22 | blacklist ${HOME}/.config/Atom |
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 1bf259440..0b281c448 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/epiphany.local | |||
| 4 | 4 | ||
| 5 | # Epiphany browser profile | 5 | # Epiphany browser profile |
| 6 | noblacklist ${HOME}/.config/epiphany | 6 | noblacklist ${HOME}/.config/epiphany |
| 7 | noblacklist ${HOME}/.cache/epiphany | ||
| 8 | noblacklist ${HOME}/.local/share/epiphany | 7 | noblacklist ${HOME}/.local/share/epiphany |
| 9 | 8 | ||
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -16,8 +15,6 @@ mkdir ${HOME}/.local/share/epiphany | |||
| 16 | whitelist ${HOME}/.local/share/epiphany | 15 | whitelist ${HOME}/.local/share/epiphany |
| 17 | mkdir ${HOME}/.config/epiphany | 16 | mkdir ${HOME}/.config/epiphany |
| 18 | whitelist ${HOME}/.config/epiphany | 17 | whitelist ${HOME}/.config/epiphany |
| 19 | mkdir ${HOME}/.cache/epiphany | ||
| 20 | whitelist ${HOME}/.cache/epiphany | ||
| 21 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
| 22 | 19 | ||
| 23 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/evolution.profile b/etc/evolution.profile index cb6615716..637ac334a 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -5,7 +5,6 @@ include /etc/firejail/evolution.local | |||
| 5 | # evolution profile | 5 | # evolution profile |
| 6 | noblacklist ~/.config/evolution | 6 | noblacklist ~/.config/evolution |
| 7 | noblacklist ~/.local/share/evolution | 7 | noblacklist ~/.local/share/evolution |
| 8 | noblacklist ~/.cache/evolution | ||
| 9 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 10 | noblacklist ~/.pki/nssdb | 9 | noblacklist ~/.pki/nssdb |
| 11 | noblacklist ~/.gnupg | 10 | noblacklist ~/.gnupg |
diff --git a/etc/firefox.profile b/etc/firefox.profile index e2cfb9138..dec44ca67 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/firefox.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 8 | noblacklist ~/.config/qpdfview | 7 | noblacklist ~/.config/qpdfview |
| 9 | noblacklist ~/.local/share/qpdfview | 8 | noblacklist ~/.local/share/qpdfview |
| 10 | noblacklist ~/.kde/share/apps/okular | 9 | noblacklist ~/.kde/share/apps/okular |
| @@ -25,8 +24,6 @@ tracelog | |||
| 25 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
| 26 | mkdir ~/.mozilla | 25 | mkdir ~/.mozilla |
| 27 | whitelist ~/.mozilla | 26 | whitelist ~/.mozilla |
| 28 | mkdir ~/.cache/mozilla/firefox | ||
| 29 | whitelist ~/.cache/mozilla/firefox | ||
| 30 | whitelist ~/dwhelper | 27 | whitelist ~/dwhelper |
| 31 | whitelist ~/.zotero | 28 | whitelist ~/.zotero |
| 32 | whitelist ~/.vimperatorrc | 29 | whitelist ~/.vimperatorrc |
| @@ -35,7 +32,6 @@ whitelist ~/.pentadactylrc | |||
| 35 | whitelist ~/.pentadactyl | 32 | whitelist ~/.pentadactyl |
| 36 | whitelist ~/.keysnail.js | 33 | whitelist ~/.keysnail.js |
| 37 | whitelist ~/.config/gnome-mplayer | 34 | whitelist ~/.config/gnome-mplayer |
| 38 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 39 | mkdir ~/.pki | 35 | mkdir ~/.pki |
| 40 | whitelist ~/.pki | 36 | whitelist ~/.pki |
| 41 | whitelist ~/.lastpass | 37 | whitelist ~/.lastpass |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 4dc5b5cfc..a35aa7a33 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
| @@ -10,7 +10,6 @@ include /etc/firejail/flashpeak-slimjet.local | |||
| 10 | # firejail flashpeak-slimjet --no-sandbox | 10 | # firejail flashpeak-slimjet --no-sandbox |
| 11 | # | 11 | # |
| 12 | noblacklist ~/.config/slimjet | 12 | noblacklist ~/.config/slimjet |
| 13 | noblacklist ~/.cache/slimjet | ||
| 14 | noblacklist ~/.pki | 13 | noblacklist ~/.pki |
| 15 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| @@ -29,8 +28,6 @@ seccomp | |||
| 29 | whitelist ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
| 30 | mkdir ~/.config/slimjet | 29 | mkdir ~/.config/slimjet |
| 31 | whitelist ~/.config/slimjet | 30 | whitelist ~/.config/slimjet |
| 32 | mkdir ~/.cache/slimjet | ||
| 33 | whitelist ~/.cache/slimjet | ||
| 34 | mkdir ~/.pki | 31 | mkdir ~/.pki |
| 35 | whitelist ~/.pki | 32 | whitelist ~/.pki |
| 36 | 33 | ||
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 3caaad71c..a33514c88 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
| @@ -12,8 +12,5 @@ noblacklist ~/.fossamail | |||
| 12 | mkdir ~/.fossamail | 12 | mkdir ~/.fossamail |
| 13 | whitelist ~/.fossamail | 13 | whitelist ~/.fossamail |
| 14 | 14 | ||
| 15 | noblacklist ~/.cache/fossamail | ||
| 16 | mkdir ~/.cache/fossamail | ||
| 17 | whitelist ~/.cache/fossamail | ||
| 18 | 15 | ||
| 19 | include /etc/firejail/firefox.profile | 16 | include /etc/firejail/firefox.profile |
diff --git a/etc/franz.profile b/etc/franz.profile index 05ff72a47..1692f4516 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/franz.local | |||
| 4 | 4 | ||
| 5 | # Franz profile | 5 | # Franz profile |
| 6 | noblacklist ~/.config/Franz | 6 | noblacklist ~/.config/Franz |
| 7 | noblacklist ~/.cache/Franz | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -21,8 +20,6 @@ seccomp | |||
| 21 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.config/Franz | 21 | mkdir ~/.config/Franz |
| 23 | whitelist ~/.config/Franz | 22 | whitelist ~/.config/Franz |
| 24 | mkdir ~/.cache/Franz | ||
| 25 | whitelist ~/.cache/Franz | ||
| 26 | mkdir ~/.pki | 23 | mkdir ~/.pki |
| 27 | whitelist ~/.pki | 24 | whitelist ~/.pki |
| 28 | 25 | ||
diff --git a/etc/gajim.profile b/etc/gajim.profile index bac6cc466..f64d9241a 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
| @@ -3,11 +3,9 @@ | |||
| 3 | include /etc/firejail/gajim.local | 3 | include /etc/firejail/gajim.local |
| 4 | 4 | ||
| 5 | # Firejail profile for Gajim | 5 | # Firejail profile for Gajim |
| 6 | noblacklist ${HOME}/.cache/gajim | ||
| 7 | noblacklist ${HOME}/.local/share/gajim | 6 | noblacklist ${HOME}/.local/share/gajim |
| 8 | noblacklist ${HOME}/.config/gajim | 7 | noblacklist ${HOME}/.config/gajim |
| 9 | 8 | ||
| 10 | mkdir ${HOME}/.cache/gajim | ||
| 11 | mkdir ${HOME}/.local/share/gajim | 9 | mkdir ${HOME}/.local/share/gajim |
| 12 | mkdir ${HOME}/.config/gajim | 10 | mkdir ${HOME}/.config/gajim |
| 13 | mkdir ${HOME}/Downloads | 11 | mkdir ${HOME}/Downloads |
| @@ -17,7 +15,6 @@ mkdir ${HOME}/.local/lib/python2.7/site-packages/ | |||
| 17 | whitelist ${HOME}/.local/lib/python2.7/site-packages/ | 15 | whitelist ${HOME}/.local/lib/python2.7/site-packages/ |
| 18 | read-only ${HOME}/.local/lib/python2.7/site-packages/ | 16 | read-only ${HOME}/.local/lib/python2.7/site-packages/ |
| 19 | 17 | ||
| 20 | whitelist ${HOME}/.cache/gajim | ||
| 21 | whitelist ${HOME}/.local/share/gajim | 18 | whitelist ${HOME}/.local/share/gajim |
| 22 | whitelist ${HOME}/.config/gajim | 19 | whitelist ${HOME}/.config/gajim |
| 23 | whitelist ${HOME}/Downloads | 20 | whitelist ${HOME}/Downloads |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 57f942a50..9f79e15b8 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
| @@ -3,7 +3,6 @@ | |||
| 3 | include /etc/firejail/geeqie.local | 3 | include /etc/firejail/geeqie.local |
| 4 | 4 | ||
| 5 | # Firejail profile for Geeqie | 5 | # Firejail profile for Geeqie |
| 6 | noblacklist ~/.cache/geeqie | ||
| 7 | noblacklist ~/.config/geeqie | 6 | noblacklist ~/.config/geeqie |
| 8 | noblacklist ~/.local/share/geeqie | 7 | noblacklist ~/.local/share/geeqie |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
diff --git a/etc/gjs.profile b/etc/gjs.profile index 24ec70e86..03dd7893c 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
| @@ -6,10 +6,8 @@ include /etc/firejail/gjs.local | |||
| 6 | 6 | ||
| 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 8 | 8 | ||
| 9 | noblacklist ~/.cache/org.gnome.Books | ||
| 10 | noblacklist ~/.config/libreoffice | 9 | noblacklist ~/.config/libreoffice |
| 11 | noblacklist ~/.local/share/gnome-photos | 10 | noblacklist ~/.local/share/gnome-photos |
| 12 | noblacklist ~/.cache/libgweather | ||
| 13 | 11 | ||
| 14 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 692e32896..bf2a9f36f 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
| @@ -6,8 +6,6 @@ include /etc/firejail/gnome-books.local | |||
| 6 | 6 | ||
| 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 8 | 8 | ||
| 9 | noblacklist ~/.cache/org.gnome.Books | ||
| 10 | |||
| 11 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| 13 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 925420a5a..3b6bdd130 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
| @@ -6,8 +6,6 @@ include /etc/firejail/gnome-weather.local | |||
| 6 | 6 | ||
| 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 7 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
| 8 | 8 | ||
| 9 | noblacklist ~/.cache/libgweather | ||
| 10 | |||
| 11 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
| 13 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 3bd16de4a..65bc42648 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome-beta.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome beta browser profile | 5 | # Google Chrome beta browser profile |
| 6 | noblacklist ~/.config/google-chrome-beta | 6 | noblacklist ~/.config/google-chrome-beta |
| 7 | noblacklist ~/.cache/google-chrome-beta | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -18,8 +17,6 @@ netfilter | |||
| 18 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 19 | mkdir ~/.config/google-chrome-beta | 18 | mkdir ~/.config/google-chrome-beta |
| 20 | whitelist ~/.config/google-chrome-beta | 19 | whitelist ~/.config/google-chrome-beta |
| 21 | mkdir ~/.cache/google-chrome-beta | ||
| 22 | whitelist ~/.cache/google-chrome-beta | ||
| 23 | mkdir ~/.pki | 20 | mkdir ~/.pki |
| 24 | whitelist ~/.pki | 21 | whitelist ~/.pki |
| 25 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index d2def4f96..6f6fa1bf2 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome-unstable.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome unstable browser profile | 5 | # Google Chrome unstable browser profile |
| 6 | noblacklist ~/.config/google-chrome-unstable | 6 | noblacklist ~/.config/google-chrome-unstable |
| 7 | noblacklist ~/.cache/google-chrome-unstable | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -18,8 +17,6 @@ netfilter | |||
| 18 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 19 | mkdir ~/.config/google-chrome-unstable | 18 | mkdir ~/.config/google-chrome-unstable |
| 20 | whitelist ~/.config/google-chrome-unstable | 19 | whitelist ~/.config/google-chrome-unstable |
| 21 | mkdir ~/.cache/google-chrome-unstable | ||
| 22 | whitelist ~/.cache/google-chrome-unstable | ||
| 23 | mkdir ~/.pki | 20 | mkdir ~/.pki |
| 24 | whitelist ~/.pki | 21 | whitelist ~/.pki |
| 25 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 38feb12a5..131538dd9 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome.local | |||
| 4 | 4 | ||
| 5 | # Google Chrome browser profile | 5 | # Google Chrome browser profile |
| 6 | noblacklist ~/.config/google-chrome | 6 | noblacklist ~/.config/google-chrome |
| 7 | noblacklist ~/.cache/google-chrome | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -18,8 +17,6 @@ netfilter | |||
| 18 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 19 | mkdir ~/.config/google-chrome | 18 | mkdir ~/.config/google-chrome |
| 20 | whitelist ~/.config/google-chrome | 19 | whitelist ~/.config/google-chrome |
| 21 | mkdir ~/.cache/google-chrome | ||
| 22 | whitelist ~/.cache/google-chrome | ||
| 23 | mkdir ~/.pki | 20 | mkdir ~/.pki |
| 24 | whitelist ~/.pki | 21 | whitelist ~/.pki |
| 25 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/icecat.profile b/etc/icecat.profile index 64401efe8..4bd3f3047 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/icecat.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for GNU Icecat | 5 | # Firejail profile for GNU Icecat |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | noblacklist ~/.lastpass | 8 | noblacklist ~/.lastpass |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -22,8 +21,6 @@ tracelog | |||
| 22 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 23 | mkdir ~/.mozilla | 22 | mkdir ~/.mozilla |
| 24 | whitelist ~/.mozilla | 23 | whitelist ~/.mozilla |
| 25 | mkdir ~/.cache/mozilla/icecat | ||
| 26 | whitelist ~/.cache/mozilla/icecat | ||
| 27 | whitelist ~/dwhelper | 24 | whitelist ~/dwhelper |
| 28 | whitelist ~/.zotero | 25 | whitelist ~/.zotero |
| 29 | whitelist ~/.vimperatorrc | 26 | whitelist ~/.vimperatorrc |
| @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc | |||
| 32 | whitelist ~/.pentadactyl | 29 | whitelist ~/.pentadactyl |
| 33 | whitelist ~/.keysnail.js | 30 | whitelist ~/.keysnail.js |
| 34 | whitelist ~/.config/gnome-mplayer | 31 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 36 | whitelist ~/.pki | 32 | whitelist ~/.pki |
| 37 | whitelist ~/.lastpass | 33 | whitelist ~/.lastpass |
| 38 | 34 | ||
diff --git a/etc/icedove.profile b/etc/icedove.profile index b5265e992..aae0e3bf5 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
| @@ -14,10 +14,6 @@ noblacklist ~/.icedove | |||
| 14 | mkdir ~/.icedove | 14 | mkdir ~/.icedove |
| 15 | whitelist ~/.icedove | 15 | whitelist ~/.icedove |
| 16 | 16 | ||
| 17 | noblacklist ~/.cache/icedove | ||
| 18 | mkdir ~/.cache/icedove | ||
| 19 | whitelist ~/.cache/icedove | ||
| 20 | |||
| 21 | # allow browsers | 17 | # allow browsers |
| 22 | ignore private-tmp | 18 | ignore private-tmp |
| 23 | include /etc/firejail/firefox.profile | 19 | include /etc/firejail/firefox.profile |
diff --git a/etc/inox.profile b/etc/inox.profile index 0b2e4ee5e..6043ded8a 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/inox.local | |||
| 4 | 4 | ||
| 5 | # Inox browser profile | 5 | # Inox browser profile |
| 6 | noblacklist ~/.config/inox | 6 | noblacklist ~/.config/inox |
| 7 | noblacklist ~/.cache/inox | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -14,8 +13,6 @@ netfilter | |||
| 14 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
| 15 | mkdir ~/.config/inox | 14 | mkdir ~/.config/inox |
| 16 | whitelist ~/.config/inox | 15 | whitelist ~/.config/inox |
| 17 | mkdir ~/.cache/inox | ||
| 18 | whitelist ~/.cache/inox | ||
| 19 | mkdir ~/.pki | 16 | mkdir ~/.pki |
| 20 | whitelist ~/.pki | 17 | whitelist ~/.pki |
| 21 | 18 | ||
diff --git a/etc/iridium.profile b/etc/iridium.profile index 2d79a3935..dcbd0b84b 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/iridium.local | |||
| 4 | 4 | ||
| 5 | # Iridium browser profile | 5 | # Iridium browser profile |
| 6 | noblacklist ~/.config/iridium | 6 | noblacklist ~/.config/iridium |
| 7 | noblacklist ~/.cache/iridium | ||
| 8 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
| 10 | 9 | ||
| @@ -17,8 +16,6 @@ netfilter | |||
| 17 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
| 18 | mkdir ~/.config/iridium | 17 | mkdir ~/.config/iridium |
| 19 | whitelist ~/.config/iridium | 18 | whitelist ~/.config/iridium |
| 20 | mkdir ~/.cache/iridium | ||
| 21 | whitelist ~/.cache/iridium | ||
| 22 | mkdir ~/.pki | 19 | mkdir ~/.pki |
| 23 | whitelist ~/.pki | 20 | whitelist ~/.pki |
| 24 | 21 | ||
diff --git a/etc/mutt.profile b/etc/mutt.profile index 2f0809f02..f9d537779 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
| @@ -14,7 +14,6 @@ noblacklist ~/mail | |||
| 14 | noblacklist ~/Mail | 14 | noblacklist ~/Mail |
| 15 | noblacklist ~/sent | 15 | noblacklist ~/sent |
| 16 | noblacklist ~/postponed | 16 | noblacklist ~/postponed |
| 17 | noblacklist ~/.cache/mutt | ||
| 18 | noblacklist ~/.w3m | 17 | noblacklist ~/.w3m |
| 19 | noblacklist ~/.elinks | 18 | noblacklist ~/.elinks |
| 20 | noblacklist ~/.vim | 19 | noblacklist ~/.vim |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index c217346de..a3c360c1e 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/netsurf.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 5 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) |
| 6 | noblacklist ~/.config/netsurf | 6 | noblacklist ~/.config/netsurf |
| 7 | noblacklist ~/.cache/netsurf | ||
| 8 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| @@ -20,7 +19,5 @@ tracelog | |||
| 20 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 21 | mkdir ~/.config/netsurf | 20 | mkdir ~/.config/netsurf |
| 22 | whitelist ~/.config/netsurf | 21 | whitelist ~/.config/netsurf |
| 23 | mkdir ~/.cache/netsurf | ||
| 24 | whitelist ~/.cache/netsurf | ||
| 25 | 22 | ||
| 26 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 92624f334..5a0d54744 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/opera-beta.local | |||
| 4 | 4 | ||
| 5 | # Opera-beta browser profile | 5 | # Opera-beta browser profile |
| 6 | noblacklist ~/.config/opera-beta | 6 | noblacklist ~/.config/opera-beta |
| 7 | noblacklist ~/.cache/opera-beta | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -15,8 +14,6 @@ netfilter | |||
| 15 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
| 16 | mkdir ~/.config/opera-beta | 15 | mkdir ~/.config/opera-beta |
| 17 | whitelist ~/.config/opera-beta | 16 | whitelist ~/.config/opera-beta |
| 18 | mkdir ~/.cache/opera-beta | ||
| 19 | whitelist ~/.cache/opera-beta | ||
| 20 | mkdir ~/.pki | 17 | mkdir ~/.pki |
| 21 | whitelist ~/.pki | 18 | whitelist ~/.pki |
| 22 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/opera.profile b/etc/opera.profile index 57835f2f2..4af502060 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/opera.local | |||
| 4 | 4 | ||
| 5 | # Opera browser profile | 5 | # Opera browser profile |
| 6 | noblacklist ~/.config/opera | 6 | noblacklist ~/.config/opera |
| 7 | noblacklist ~/.cache/opera | ||
| 8 | noblacklist ~/.opera | 7 | noblacklist ~/.opera |
| 9 | noblacklist ~/.pki | 8 | noblacklist ~/.pki |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -16,8 +15,6 @@ netfilter | |||
| 16 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
| 17 | mkdir ~/.config/opera | 16 | mkdir ~/.config/opera |
| 18 | whitelist ~/.config/opera | 17 | whitelist ~/.config/opera |
| 19 | mkdir ~/.cache/opera | ||
| 20 | whitelist ~/.cache/opera | ||
| 21 | mkdir ~/.opera | 18 | mkdir ~/.opera |
| 22 | whitelist ~/.opera | 19 | whitelist ~/.opera |
| 23 | mkdir ~/.pki | 20 | mkdir ~/.pki |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 8cac00e03..472d58cee 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/palemoon.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Pale Moon | 5 | # Firejail profile for Pale Moon |
| 6 | noblacklist ~/.moonchild productions/pale moon | 6 | noblacklist ~/.moonchild productions/pale moon |
| 7 | noblacklist ~/.cache/moonchild productions/pale moon | ||
| 8 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| @@ -13,8 +12,6 @@ include /etc/firejail/whitelist-common.inc | |||
| 13 | whitelist ${DOWNLOADS} | 12 | whitelist ${DOWNLOADS} |
| 14 | mkdir ~/.moonchild productions | 13 | mkdir ~/.moonchild productions |
| 15 | whitelist ~/.moonchild productions | 14 | whitelist ~/.moonchild productions |
| 16 | mkdir ~/.cache/moonchild productions/pale moon | ||
| 17 | whitelist ~/.cache/moonchild productions/pale moon | ||
| 18 | 15 | ||
| 19 | caps.drop all | 16 | caps.drop all |
| 20 | netfilter | 17 | netfilter |
| @@ -40,7 +37,6 @@ private-tmp | |||
| 40 | #whitelist ~/.pentadactyl | 37 | #whitelist ~/.pentadactyl |
| 41 | #whitelist ~/.keysnail.js | 38 | #whitelist ~/.keysnail.js |
| 42 | #whitelist ~/.config/gnome-mplayer | 39 | #whitelist ~/.config/gnome-mplayer |
| 43 | #whitelist ~/.cache/gnome-mplayer/plugin | ||
| 44 | #whitelist ~/.pki | 40 | #whitelist ~/.pki |
| 45 | #whitelist ~/.lastpass | 41 | #whitelist ~/.lastpass |
| 46 | 42 | ||
diff --git a/etc/polari.profile b/etc/polari.profile index 834a8b3d6..52a58322e 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
| @@ -15,8 +15,6 @@ mkdir ${HOME}/.local/share/TpLogger | |||
| 15 | whitelist ${HOME}/.local/share/TpLogger | 15 | whitelist ${HOME}/.local/share/TpLogger |
| 16 | mkdir ${HOME}/.config/telepathy-account-widgets | 16 | mkdir ${HOME}/.config/telepathy-account-widgets |
| 17 | whitelist ${HOME}/.config/telepathy-account-widgets | 17 | whitelist ${HOME}/.config/telepathy-account-widgets |
| 18 | mkdir ${HOME}/.cache/telepathy | ||
| 19 | whitelist ${HOME}/.cache/telepathy | ||
| 20 | mkdir ${HOME}/.purple | 18 | mkdir ${HOME}/.purple |
| 21 | whitelist ${HOME}/.purple | 19 | whitelist ${HOME}/.purple |
| 22 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 45cb22ee4..5106fccb2 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
| @@ -14,8 +14,6 @@ mkdir ~/.config/psi+ | |||
| 14 | whitelist ~/.config/psi+ | 14 | whitelist ~/.config/psi+ |
| 15 | mkdir ~/.local/share/psi+ | 15 | mkdir ~/.local/share/psi+ |
| 16 | whitelist ~/.local/share/psi+ | 16 | whitelist ~/.local/share/psi+ |
| 17 | mkdir ~/.cache/psi+ | ||
| 18 | whitelist ~/.cache/psi+ | ||
| 19 | 17 | ||
| 20 | caps.drop all | 18 | caps.drop all |
| 21 | netfilter | 19 | netfilter |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f4e4f96d3..158425e18 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
| @@ -2,7 +2,6 @@ | |||
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/quiterss.local | 3 | include /etc/firejail/quiterss.local |
| 4 | 4 | ||
| 5 | noblacklist ${HOME}/.cache/QuiteRss | ||
| 6 | noblacklist ${HOME}/.config/QuiteRss | 5 | noblacklist ${HOME}/.config/QuiteRss |
| 7 | noblacklist ${HOME}/.config/QuiteRssrc | 6 | noblacklist ${HOME}/.config/QuiteRssrc |
| 8 | noblacklist ${HOME}/.local/share/QuiteRss | 7 | noblacklist ${HOME}/.local/share/QuiteRss |
| @@ -19,8 +18,6 @@ whitelist ${HOME}/.config/QuiteRssrc | |||
| 19 | mkdir ~/.local/share/data | 18 | mkdir ~/.local/share/data |
| 20 | mkdir ~/.local/share/data/QuiteRss | 19 | mkdir ~/.local/share/data/QuiteRss |
| 21 | whitelist ${HOME}/.local/share/data/QuiteRss | 20 | whitelist ${HOME}/.local/share/data/QuiteRss |
| 22 | mkdir ~/.cache/QuiteRss | ||
| 23 | whitelist ${HOME}/.cache/QuiteRss | ||
| 24 | 21 | ||
| 25 | caps.drop all | 22 | caps.drop all |
| 26 | netfilter | 23 | netfilter |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 3f5cb60c0..783bc516d 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/qupzilla.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Qupzilla web browser | 5 | # Firejail profile for Qupzilla web browser |
| 6 | noblacklist ${HOME}/.config/qupzilla | 6 | noblacklist ${HOME}/.config/qupzilla |
| 7 | noblacklist ${HOME}/.cache/qupzilla | ||
| 8 | include /etc/firejail/disable-mgmt.inc | 7 | include /etc/firejail/disable-mgmt.inc |
| 9 | include /etc/firejail/disable-secret.inc | 8 | include /etc/firejail/disable-secret.inc |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -17,7 +16,6 @@ tracelog | |||
| 17 | noroot | 16 | noroot |
| 18 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
| 19 | whitelist ~/.config/qupzilla | 18 | whitelist ~/.config/qupzilla |
| 20 | whitelist ~/.cache/qupzilla | ||
| 21 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
| 22 | 20 | ||
| 23 | # experimental features | 21 | # experimental features |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index f43307ef9..53be1178c 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/qutebrowser.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser | 5 | # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser |
| 6 | noblacklist ~/.config/qutebrowser | 6 | noblacklist ~/.config/qutebrowser |
| 7 | noblacklist ~/.cache/qutebrowser | ||
| 8 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| @@ -20,8 +19,6 @@ tracelog | |||
| 20 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 21 | mkdir ~/.config/qutebrowser | 20 | mkdir ~/.config/qutebrowser |
| 22 | whitelist ~/.config/qutebrowser | 21 | whitelist ~/.config/qutebrowser |
| 23 | mkdir ~/.cache/qutebrowser | ||
| 24 | whitelist ~/.cache/qutebrowser | ||
| 25 | mkdir ~/.local/share/qutebrowser | 22 | mkdir ~/.local/share/qutebrowser |
| 26 | whitelist ~/.local/share/qutebrowser | 23 | whitelist ~/.local/share/qutebrowser |
| 27 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index df1910469..756700c2f 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/seamonkey.local | |||
| 4 | 4 | ||
| 5 | # Firejail profile for Seamoneky based off Mozilla Firefox | 5 | # Firejail profile for Seamoneky based off Mozilla Firefox |
| 6 | noblacklist ~/.mozilla | 6 | noblacklist ~/.mozilla |
| 7 | noblacklist ~/.cache/mozilla | ||
| 8 | noblacklist ~/.pki | 7 | noblacklist ~/.pki |
| 9 | noblacklist ~/.lastpass | 8 | noblacklist ~/.lastpass |
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -22,8 +21,6 @@ tracelog | |||
| 22 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
| 23 | mkdir ~/.mozilla/seamonkey | 22 | mkdir ~/.mozilla/seamonkey |
| 24 | whitelist ~/.mozilla/seamonkey | 23 | whitelist ~/.mozilla/seamonkey |
| 25 | mkdir ~/.cache/mozilla/seamonkey | ||
| 26 | whitelist ~/.cache/mozilla/seamonkey | ||
| 27 | whitelist ~/dwhelper | 24 | whitelist ~/dwhelper |
| 28 | whitelist ~/.zotero | 25 | whitelist ~/.zotero |
| 29 | whitelist ~/.vimperatorrc | 26 | whitelist ~/.vimperatorrc |
| @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc | |||
| 32 | whitelist ~/.pentadactyl | 29 | whitelist ~/.pentadactyl |
| 33 | whitelist ~/.keysnail.js | 30 | whitelist ~/.keysnail.js |
| 34 | whitelist ~/.config/gnome-mplayer | 31 | whitelist ~/.config/gnome-mplayer |
| 35 | whitelist ~/.cache/gnome-mplayer/plugin | ||
| 36 | whitelist ~/.pki | 32 | whitelist ~/.pki |
| 37 | whitelist ~/.lastpass | 33 | whitelist ~/.lastpass |
| 38 | include /etc/firejail/whitelist-common.inc | 34 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index ee7e50ba7..0f6d626a5 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
| @@ -3,8 +3,6 @@ | |||
| 3 | include /etc/firejail/simple-scan.local | 3 | include /etc/firejail/simple-scan.local |
| 4 | 4 | ||
| 5 | # simple-scan profile | 5 | # simple-scan profile |
| 6 | noblacklist ~/.cache/simple-scan | ||
| 7 | |||
| 8 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 7 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 8 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 843038a2b..23ef75b71 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/spotify.local | |||
| 4 | 4 | ||
| 5 | # Spotify media player profile | 5 | # Spotify media player profile |
| 6 | noblacklist ${HOME}/.config/spotify | 6 | noblacklist ${HOME}/.config/spotify |
| 7 | noblacklist ${HOME}/.cache/spotify | ||
| 8 | noblacklist ${HOME}/.local/share/spotify | 7 | noblacklist ${HOME}/.local/share/spotify |
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| @@ -16,8 +15,6 @@ mkdir ${HOME}/.config/spotify | |||
| 16 | whitelist ${HOME}/.config/spotify | 15 | whitelist ${HOME}/.config/spotify |
| 17 | mkdir ${HOME}/.local/share/spotify | 16 | mkdir ${HOME}/.local/share/spotify |
| 18 | whitelist ${HOME}/.local/share/spotify | 17 | whitelist ${HOME}/.local/share/spotify |
| 19 | mkdir ${HOME}/.cache/spotify | ||
| 20 | whitelist ${HOME}/.cache/spotify | ||
| 21 | 18 | ||
| 22 | caps.drop all | 19 | caps.drop all |
| 23 | netfilter | 20 | netfilter |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 88ab7501e..1dc8b15c7 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
| @@ -14,10 +14,6 @@ noblacklist ~/.thunderbird | |||
| 14 | mkdir ~/.thunderbird | 14 | mkdir ~/.thunderbird |
| 15 | whitelist ~/.thunderbird | 15 | whitelist ~/.thunderbird |
| 16 | 16 | ||
| 17 | noblacklist ~/.cache/thunderbird | ||
| 18 | mkdir ~/.cache/thunderbird | ||
| 19 | whitelist ~/.cache/thunderbird | ||
| 20 | |||
| 21 | # allow browsers | 17 | # allow browsers |
| 22 | ignore private-tmp | 18 | ignore private-tmp |
| 23 | include /etc/firejail/firefox.profile | 19 | include /etc/firejail/firefox.profile |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index dbcc8d041..5b6bec4c1 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/transmission-cli.local | |||
| 4 | 4 | ||
| 5 | # transmission-cli bittorrent profile | 5 | # transmission-cli bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 8 | 7 | ||
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index dcd3317ef..78ce5fba2 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/transmission-gtk.local | |||
| 4 | 4 | ||
| 5 | # transmission-gtk bittorrent profile | 5 | # transmission-gtk bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 8 | 7 | ||
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index ed63f7cff..2f7fe0714 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/transmission-qt.local | |||
| 4 | 4 | ||
| 5 | # transmission-qt bittorrent profile | 5 | # transmission-qt bittorrent profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 8 | 7 | ||
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 0b88789b1..052843882 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/transmission-show.local | |||
| 4 | 4 | ||
| 5 | # transmission-show profile | 5 | # transmission-show profile |
| 6 | noblacklist ${HOME}/.config/transmission | 6 | noblacklist ${HOME}/.config/transmission |
| 7 | noblacklist ${HOME}/.cache/transmission | ||
| 8 | 7 | ||
| 9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 2c2fbd9f0..bf6af3926 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/vivaldi.local | |||
| 4 | 4 | ||
| 5 | # Vivaldi browser profile | 5 | # Vivaldi browser profile |
| 6 | noblacklist ~/.config/vivaldi | 6 | noblacklist ~/.config/vivaldi |
| 7 | noblacklist ~/.cache/vivaldi | ||
| 8 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| @@ -14,6 +13,4 @@ netfilter | |||
| 14 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
| 15 | mkdir ~/.config/vivaldi | 14 | mkdir ~/.config/vivaldi |
| 16 | whitelist ~/.config/vivaldi | 15 | whitelist ~/.config/vivaldi |
| 17 | mkdir ~/.cache/vivaldi | ||
| 18 | whitelist ~/.cache/vivaldi | ||
| 19 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 212466f5a..fbb381a86 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/wesnoth.local | |||
| 4 | 4 | ||
| 5 | # Whitelist-based profile for "Battle for Wesnoth" (game). | 5 | # Whitelist-based profile for "Battle for Wesnoth" (game). |
| 6 | noblacklist ${HOME}/.config/wesnoth | 6 | noblacklist ${HOME}/.config/wesnoth |
| 7 | noblacklist ${HOME}/.cache/wesnoth | ||
| 8 | noblacklist ${HOME}/.local/share/wesnoth | 7 | noblacklist ${HOME}/.local/share/wesnoth |
| 9 | 8 | ||
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| @@ -23,8 +22,6 @@ private-tmp | |||
| 23 | 22 | ||
| 24 | mkdir ${HOME}/.local/share/wesnoth | 23 | mkdir ${HOME}/.local/share/wesnoth |
| 25 | mkdir ${HOME}/.config/wesnoth | 24 | mkdir ${HOME}/.config/wesnoth |
| 26 | mkdir ${HOME}/.cache/wesnoth | ||
| 27 | whitelist ${HOME}/.local/share/wesnoth | 25 | whitelist ${HOME}/.local/share/wesnoth |
| 28 | whitelist ${HOME}/.config/wesnoth | 26 | whitelist ${HOME}/.config/wesnoth |
| 29 | whitelist ${HOME}/.cache/wesnoth | ||
| 30 | include /etc/firejail/whitelist-common.inc | 27 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index cf7797100..516f47041 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
| @@ -19,7 +19,6 @@ whitelist ~/.fonts.conf | |||
| 19 | whitelist ~/.fonts.conf.d | 19 | whitelist ~/.fonts.conf.d |
| 20 | whitelist ~/.local/share/fonts | 20 | whitelist ~/.local/share/fonts |
| 21 | whitelist ~/.config/fontconfig | 21 | whitelist ~/.config/fontconfig |
| 22 | whitelist ~/.cache/fontconfig | ||
| 23 | 22 | ||
| 24 | # gtk | 23 | # gtk |
| 25 | whitelist ~/.gtkrc | 24 | whitelist ~/.gtkrc |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 2e6015aef..51dbcad51 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
| @@ -4,7 +4,6 @@ include /etc/firejail/xreader.local | |||
| 4 | 4 | ||
| 5 | # Xreader profile | 5 | # Xreader profile |
| 6 | noblacklist ~/.config/xreader | 6 | noblacklist ~/.config/xreader |
| 7 | noblacklist ~/.cache/xreader | ||
| 8 | noblacklist ~/.local/share | 7 | noblacklist ~/.local/share |
| 9 | 8 | ||
| 10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |