author | hawkeye116477 <hawkeye116477@gmail.com> | 2017-06-22 19:26:28 +0200 |
---|---|---|
committer | hawkeye116477 <hawkeye116477@gmail.com> | 2017-06-22 19:26:28 +0200 |
commit | 4ccb35df264267e00c38953f93dddd1dc9581fa5 (patch) | |
tree | 0700fd4306ef514d8f28ce11138c1a1ff1a29c87 /etc | |
parent | Update profile for Cyberfox (diff) | |
parent | Merge pull request #1343 from BafDyce/fix-example-typo (diff) | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'etc')
69 files changed, 372 insertions, 45 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 596cb845a..e946c1418 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -29,6 +29,7 @@ netfilter | |||
29 | nogroups | 29 | nogroups |
30 | nonewprivs | 30 | nonewprivs |
31 | noroot | 31 | noroot |
32 | novideo | ||
32 | protocol unix,inet,inet6 | 33 | protocol unix,inet,inet6 |
33 | seccomp | 34 | seccomp |
34 | shell none | 35 | shell none |
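diff --git a/etc/7z.profile b/etc/7z.profile
index f36735303..c7c857dc8 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/7z.local
 
 # 7zip crompression tool profile
-quiet
 ignore noroot
 
 include /etc/firejail/default.profile
@@ -15,6 +15,8 @@ blacklist /tmp/.X11-unix
 
 tracelog
 net none
+nosound
+novideo
 shell none
 private-dev
 nosound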
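Review bot: The `nosound` added at new line 18 duplicates the `nosound` that is still present at new line 22, so the directive now appears twice within five lines. Nothing in the hunk suggests the repeat changes the sandbox, but it reads like a merge leftover and makes the option list harder to audit. Keep only `novideo` as the new line and leave the existing `nosound` where it is. The profile continues past the end of this hunk.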
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 5a42e28e8..367aa5672 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | novideo | ||
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
diff --git a/etc/atom.profile b/etc/atom.profile index fc9e49eab..726682617 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | novideo | ||
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
diff --git a/etc/atool.profile b/etc/atool.profile index 3f4b60312..a66b4b1c5 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -16,6 +16,7 @@ nogroups | |||
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | nosound | 18 | nosound |
19 | novideo | ||
19 | protocol unix | 20 | protocol unix |
20 | seccomp | 21 | seccomp |
21 | netfilter | 22 | netfilter |
diff --git a/etc/atril.profile b/etc/atril.profile index a9199f512..0abad494a 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | novideo | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 67b625f2b..5b38d84e8 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -21,6 +21,7 @@ no3d | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | novideo | ||
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
diff --git a/etc/aweather.profile b/etc/aweather.profile index 73bf1cc5a..9d8e336cd 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | novideo | ||
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 9caef7508..2fe6d1927 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | novideo | ||
25 | protocol unix | 26 | protocol unix |
26 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 27 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
27 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old | 28 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 9b205456a..2162151a1 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -29,6 +29,7 @@ nogroups | |||
29 | nonewprivs | 29 | nonewprivs |
30 | noroot | 30 | noroot |
31 | nosound | 31 | nosound |
32 | novideo | ||
32 | protocol unix,inet,inet6,netlink | 33 | protocol unix,inet,inet6,netlink |
33 | seccomp | 34 | seccomp |
34 | shell none | 35 | shell none |
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 40c7a5c83..345dd119a 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | novideo | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
diff --git a/etc/bless.profile b/etc/bless.profile index 436c06a15..c9ccfc02e 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -28,6 +28,7 @@ nogroups | |||
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | nosound | 30 | nosound |
31 | novideo | ||
31 | protocol unix | 32 | protocol unix |
32 | seccomp | 33 | seccomp |
33 | shell none | 34 | shell none |
diff --git a/etc/brasero.profile b/etc/brasero.profile index ac9ea8a7c..d013e0b8e 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
@@ -20,9 +20,9 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | novideo | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | netfilter | ||
26 | shell none | 26 | shell none |
27 | tracelog | 27 | tracelog |
28 | 28 | ||
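diff --git a/etc/calibre.profile b/etc/calibre.profile
new file mode 100644
index 000000000..b75e0c276
--- /dev/null
+++ b/etc/calibre.profile
@@ -0,0 +1,35 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/calibre.local
+
+noblacklist ~/.config/calibre
+noblacklist ~/.cache/calibre
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+#private-bin
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp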
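Review bot: Three restrictions are switched off without a reason, `#include /etc/firejail/disable-devel.inc` (line 13), `#ipc-namespace` (line 17) and `#private-bin` (line 30), so a later maintainer cannot tell whether they break calibre or were simply never tried. Each should carry a short why-comment in the style digikam.profile uses for `private-dev`, for example `# disable-devel.inc left out: <reason observed during testing>`. The file also has no `# Firejail profile for calibre` header line, which catfish.profile and ebook-viewer.profile in this same commit do carry.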
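diff --git a/etc/catfish.profile b/etc/catfish.profile
new file mode 100644
index 000000000..0deaca1b5
--- /dev/null
+++ b/etc/catfish.profile
@@ -0,0 +1,32 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/catfish.local
+
+# Firejail profile for catfish
+noblacklist ~/.config/catfish
+
+# We can't blacklist much since catfish
+# is for finding files/content
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# These options work but are disabled in case
+# a users wants to search in these directories.
+#private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
+#private-dev
+#private-tmp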
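Review bot: Only `disable-devel.inc` is included at line 13, so whatever `disable-common.inc` and `disable-passwdmgr.inc` hide for the other new profiles in this commit (presumably key material and password-manager stores) stays readable to catfish. `net none` narrows what a compromised process could do with that data, but the read access itself is broader than a search tool plausibly needs. Consider adding `include /etc/firejail/disable-passwdmgr.inc`, or extend the comment at lines 11-12 to say that leaving those directories searchable is deliberate. The profile also sets no `noexec ${HOME}` or `noexec /tmp`, unlike calibre.profile and curl.profile, and gives no reason.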
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 258be50d6..0ac71ca3c 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | novideo | ||
23 | seccomp | 24 | seccomp |
24 | protocol unix,inet,inet6,netlink | 25 | protocol unix,inet,inet6,netlink |
25 | tracelog | 26 | tracelog |
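diff --git a/etc/chromium.profile b/etc/chromium.profile
index 7e73634ec..2728bf74a 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -34,7 +34,7 @@ nogroups
 shell none
 
 private-dev
-private-tmp
+#private-tmp - problems with multiple browser sessions
 
 noexec ${HOME}
 noexec /tmp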
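Review bot: Commenting out `private-tmp` at line 37 puts the browser back on the host's shared /tmp, and the comment records only the symptom, not the isolation that is given up. `noexec /tmp` two lines below still applies, but files that other programs leave in /tmp become visible to the sandboxed browser again. I would spell the trade-off out and point users at the override file, e.g. `# private-tmp disabled: breaks multiple browser sessions; re-enable in chromium.local if you run a single instance` (assuming this profile includes a chromium.local the way the other profiles include theirs; that line is outside the hunk).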
diff --git a/etc/clementine.profile b/etc/clementine.profile index 0f585e43e..ccacc632d 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | novideo | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | # Clementine makes ioprio_set system calls, which are blacklisted by default. | 19 | # Clementine makes ioprio_set system calls, which are blacklisted by default. |
19 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old | 20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old |
diff --git a/etc/clipit.profile b/etc/clipit.profile index cd744a022..b671b253b 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -15,6 +15,7 @@ caps.drop all | |||
15 | netfilter | 15 | netfilter |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | novideo | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | 21 | ||
diff --git a/etc/cpio.profile b/etc/cpio.profile index f38e0a6ce..fe1dc0408 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -1,3 +1,4 @@ | |||
1 | quiet | ||
1 | # Persistent global definitions go here | 2 | # Persistent global definitions go here |
2 | include /etc/firejail/globals.local | 3 | include /etc/firejail/globals.local |
3 | 4 | ||
@@ -8,7 +9,6 @@ include /etc/firejail/cpio.local | |||
8 | # cpio profile | 9 | # cpio profile |
9 | # /sbin and /usr/sbin are visible inside the sandbox | 10 | # /sbin and /usr/sbin are visible inside the sandbox |
10 | # /boot is not visible and /var is heavily modified | 11 | # /boot is not visible and /var is heavily modified |
11 | quiet | ||
12 | noblacklist /sbin | 12 | noblacklist /sbin |
13 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
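diff --git a/etc/curl.profile b/etc/curl.profile
new file mode 100644
index 000000000..58b5f050a
--- /dev/null
+++ b/etc/curl.profile
@@ -0,0 +1,35 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/curl.local
+
+# curl profile
+noblacklist ~/.curlrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+blacklist /tmp/.X11-unix
+
+# private-bin curl
+private-dev
+# private-etc resolv.conf
+private-tmp
+
+noexec ${HOME}
+noexec /tmp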
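Review bot: `novideo` is missing from this new profile, although the same commit adds it to dozens of existing profiles and to the new calibre.profile and catfish.profile; add `novideo` after `nosound` at line 22. `private-dev` probably hides the video devices already, so this is mainly about keeping the option list uniform and auditable. Separately, `# private-bin curl` and `# private-etc resolv.conf` (lines 29 and 31) are disabled with no reason given; a short comment on what failed would let someone re-enable them later, and `disable-devel.inc` is not included either.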
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 8d50dedda..486df1d99 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -20,6 +20,7 @@ no3d | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | novideo | ||
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
diff --git a/etc/deluge.profile b/etc/deluge.profile index db2d339c7..4e7d90e53 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -24,6 +24,7 @@ netfilter | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | novideo | ||
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
29 | 30 | ||
diff --git a/etc/dia.profile b/etc/dia.profile index fc564b96d..4e009afd7 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -14,6 +14,7 @@ caps.drop all | |||
14 | netfilter | 14 | netfilter |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | novideo | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | 20 | ||
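diff --git a/etc/digikam.profile b/etc/digikam.profile
new file mode 100644
index 000000000..fd19953a0
--- /dev/null
+++ b/etc/digikam.profile
@@ -0,0 +1,33 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/digikam.local
+
+noblacklist ${HOME}/.kde4/share/apps/digikam
+noblacklist ${HOME}/.kde/share/apps/digikam
+noblacklist ${HOME}/.config/digikamrc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+
+# This is a seccomp whitelist profile for Debian jessie, Kubuntu 17.04.
+# Uncomment seccomp.keep line and try it out. By default only the regular seccomp blacklist profile is enabled.
+#seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
+seccomp
+
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
+private-tmp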
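Review bot: The paths un-blacklisted at lines 8-10 do not match the digikam paths this same commit adds to disable-programs.inc. The profile has `noblacklist ${HOME}/.config/digikamrc` and `noblacklist ${HOME}/.kde/share/apps/digikam` (plus the .kde4 twin), while disable-programs.inc gains `blacklist ${HOME}/.config/digikam` and `blacklist ${HOME}/.kde/share/config/digikam` (plus .kde4). Unless matching entries exist outside this view, the noblacklist lines exempt paths nobody blacklists, so other sandboxed programs can still read digikam's data, and the paths that are blacklisted stay blocked for digikam itself. Settle on one set of paths and use it on both sides, e.g. `blacklist ${HOME}/.config/digikamrc` and `blacklist ${HOME}/.kde/share/apps/digikam` in disable-programs.inc.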
diff --git a/etc/dino.profile b/etc/dino.profile index a979cad7c..6d63e894e 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -26,6 +26,7 @@ nogroups | |||
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | nosound | 28 | nosound |
29 | novideo | ||
29 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
30 | seccomp | 31 | seccomp |
31 | shell none | 32 | shell none |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index af0bbfce6..7a3ca37ed 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -62,6 +62,8 @@ blacklist ${HOME}/.config/borg | |||
62 | blacklist ${HOME}/.config/brasero | 62 | blacklist ${HOME}/.config/brasero |
63 | blacklist ${HOME}/.config/brave | 63 | blacklist ${HOME}/.config/brave |
64 | blacklist ${HOME}/.config/caja | 64 | blacklist ${HOME}/.config/caja |
65 | blacklist ${HOME}/.config/calibre | ||
66 | blacklist ${HOME}/.config/catfish | ||
65 | blacklist ${HOME}/.config/cherrytree | 67 | blacklist ${HOME}/.config/cherrytree |
66 | blacklist ${HOME}/.config/chromium | 68 | blacklist ${HOME}/.config/chromium |
67 | blacklist ${HOME}/.config/chromium-dev | 69 | blacklist ${HOME}/.config/chromium-dev |
@@ -71,6 +73,7 @@ blacklist ${HOME}/.config/cmus | |||
71 | blacklist ${HOME}/.config/darktable | 73 | blacklist ${HOME}/.config/darktable |
72 | blacklist ${HOME}/.config/deadbeef | 74 | blacklist ${HOME}/.config/deadbeef |
73 | blacklist ${HOME}/.config/deluge | 75 | blacklist ${HOME}/.config/deluge |
76 | blacklist ${HOME}/.config/digikam | ||
74 | blacklist ${HOME}/.config/dolphinrc | 77 | blacklist ${HOME}/.config/dolphinrc |
75 | blacklist ${HOME}/.config/dragonplayerrc | 78 | blacklist ${HOME}/.config/dragonplayerrc |
76 | blacklist ${HOME}/.config/enchant | 79 | blacklist ${HOME}/.config/enchant |
@@ -85,11 +88,12 @@ blacklist ${HOME}/.config/galculator | |||
85 | blacklist ${HOME}/.config/geany | 88 | blacklist ${HOME}/.config/geany |
86 | blacklist ${HOME}/.config/geeqie | 89 | blacklist ${HOME}/.config/geeqie |
87 | blacklist ${HOME}/.config/gedit | 90 | blacklist ${HOME}/.config/gedit |
91 | blacklist ${HOME}/.config/ghb | ||
88 | blacklist ${HOME}/.config/globaltime | 92 | blacklist ${HOME}/.config/globaltime |
89 | blacklist ${HOME}/.config/google-chrome | 93 | blacklist ${HOME}/.config/google-chrome |
90 | blacklist ${HOME}/.config/google-chrome-beta | 94 | blacklist ${HOME}/.config/google-chrome-beta |
91 | blacklist ${HOME}/.config/google-chrome-unstable | 95 | blacklist ${HOME}/.config/google-chrome-unstable |
92 | blacklist ${HOME}./config/gpicview | 96 | blacklist ${HOME}/.config/gpicview |
93 | blacklist ${HOME}/.config/gthumb | 97 | blacklist ${HOME}/.config/gthumb |
94 | blacklist ${HOME}/.config/gwenviewrc | 98 | blacklist ${HOME}/.config/gwenviewrc |
95 | blacklist ${HOME}/.config/hexchat | 99 | blacklist ${HOME}/.config/hexchat |
@@ -103,6 +107,7 @@ blacklist ${HOME}/.config/katesyntaxhighlightingrc | |||
103 | blacklist ${HOME}/.config/katevirc | 107 | blacklist ${HOME}/.config/katevirc |
104 | blacklist ${HOME}/.config/kdeconnect | 108 | blacklist ${HOME}/.config/kdeconnect |
105 | blacklist ${HOME}/.config/knotesrc | 109 | blacklist ${HOME}/.config/knotesrc |
110 | blacklist ${HOME}/.config/ktorrentrc | ||
106 | blacklist ${HOME}/.config/leafpad | 111 | blacklist ${HOME}/.config/leafpad |
107 | blacklist ${HOME}/.config/libreoffice | 112 | blacklist ${HOME}/.config/libreoffice |
108 | blacklist ${HOME}/.config/lximage-qt | 113 | blacklist ${HOME}/.config/lximage-qt |
@@ -136,6 +141,7 @@ blacklist ${HOME}/.config/redshift.conf | |||
136 | blacklist ${HOME}/.config/scribus | 141 | blacklist ${HOME}/.config/scribus |
137 | blacklist ${HOME}/.config/skypeforlinux | 142 | blacklist ${HOME}/.config/skypeforlinux |
138 | blacklist ${HOME}/.config/slimjet | 143 | blacklist ${HOME}/.config/slimjet |
144 | blacklist ${HOME}/.config/smplayer | ||
139 | blacklist ${HOME}/.config/spotify | 145 | blacklist ${HOME}/.config/spotify |
140 | blacklist ${HOME}/.config/stellarium | 146 | blacklist ${HOME}/.config/stellarium |
141 | blacklist ${HOME}/.config/synfig | 147 | blacklist ${HOME}/.config/synfig |
@@ -166,6 +172,7 @@ blacklist ${HOME}/.config/xviewer | |||
166 | blacklist ${HOME}/.config/zathura | 172 | blacklist ${HOME}/.config/zathura |
167 | blacklist ${HOME}/.config/zoomus.conf | 173 | blacklist ${HOME}/.config/zoomus.conf |
168 | blacklist ${HOME}/.conkeror.mozdev.org | 174 | blacklist ${HOME}/.conkeror.mozdev.org |
175 | blacklist ${HOME}/.curlrc | ||
169 | blacklist ${HOME}/.dia | 176 | blacklist ${HOME}/.dia |
170 | blacklist ${HOME}/.dillo | 177 | blacklist ${HOME}/.dillo |
171 | blacklist ${HOME}/.dosbox | 178 | blacklist ${HOME}/.dosbox |
@@ -200,6 +207,7 @@ blacklist ${HOME}/.kde4/share/apps/okular | |||
200 | blacklist ${HOME}/.kde4/share/config/baloofilerc | 207 | blacklist ${HOME}/.kde4/share/config/baloofilerc |
201 | blacklist ${HOME}/.kde4/share/config/baloorc | 208 | blacklist ${HOME}/.kde4/share/config/baloorc |
202 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 209 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
210 | blacklist ${HOME}/.kde4/share/config/digikam | ||
203 | blacklist ${HOME}/.kde4/share/config/k3brc | 211 | blacklist ${HOME}/.kde4/share/config/k3brc |
204 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 212 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
205 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 213 | blacklist ${HOME}/.kde4/share/config/khtmlrc |
@@ -217,6 +225,7 @@ blacklist ${HOME}/.kde/share/apps/konqueror | |||
217 | blacklist ${HOME}/.kde/share/apps/okular | 225 | blacklist ${HOME}/.kde/share/apps/okular |
218 | blacklist ${HOME}/.kde/share/config/baloofilerc | 226 | blacklist ${HOME}/.kde/share/config/baloofilerc |
219 | blacklist ${HOME}/.kde/share/config/baloorc | 227 | blacklist ${HOME}/.kde/share/config/baloorc |
228 | blacklist ${HOME}/.kde/share/config/digikam | ||
220 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 229 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
221 | blacklist ${HOME}/.kde/share/config/k3brc | 230 | blacklist ${HOME}/.kde/share/config/k3brc |
222 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 231 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
@@ -253,7 +262,7 @@ blacklist ${HOME}/.local/share/caja-python | |||
253 | blacklist ${HOME}/.local/share/cdprojektred | 262 | blacklist ${HOME}/.local/share/cdprojektred |
254 | blacklist ${HOME}/.local/share/clipit | 263 | blacklist ${HOME}/.local/share/clipit |
255 | blacklist ${HOME}/.local/share/data/Mumble | 264 | blacklist ${HOME}/.local/share/data/Mumble |
256 | blacklist ${HOME}./local/share/dino | 265 | blacklist ${HOME}/.local/share/dino |
257 | blacklist ${HOME}/.local/share/dolphin | 266 | blacklist ${HOME}/.local/share/dolphin |
258 | blacklist ${HOME}/.local/share/epiphany | 267 | blacklist ${HOME}/.local/share/epiphany |
259 | blacklist ${HOME}/.local/share/evolution | 268 | blacklist ${HOME}/.local/share/evolution |
@@ -265,6 +274,7 @@ blacklist ${HOME}/.local/share/gnome-chess | |||
265 | blacklist ${HOME}/.local/share/gnome-music | 274 | blacklist ${HOME}/.local/share/gnome-music |
266 | blacklist ${HOME}/.local/share/gnome-photos | 275 | blacklist ${HOME}/.local/share/gnome-photos |
267 | blacklist ${HOME}/.local/share/kate | 276 | blacklist ${HOME}/.local/share/kate |
277 | blacklist ${HOME}/.local/share/ktorrentrc | ||
268 | blacklist ${HOME}/.local/share/lollypop | 278 | blacklist ${HOME}/.local/share/lollypop |
269 | blacklist ${HOME}/.local/share/meld | 279 | blacklist ${HOME}/.local/share/meld |
270 | blacklist ${HOME}/.local/share/multimc5 | 280 | blacklist ${HOME}/.local/share/multimc5 |
@@ -298,6 +308,7 @@ blacklist ${HOME}/.mcabberrc | |||
298 | blacklist ${HOME}/.mediathek3 | 308 | blacklist ${HOME}/.mediathek3 |
299 | blacklist ${HOME}/.mozilla | 309 | blacklist ${HOME}/.mozilla |
300 | blacklist ${HOME}/.mpdconf | 310 | blacklist ${HOME}/.mpdconf |
311 | blacklist ${HOME}/.mplayer | ||
301 | blacklist ${HOME}/.msmtprc | 312 | blacklist ${HOME}/.msmtprc |
302 | blacklist ${HOME}/.multimc5 | 313 | blacklist ${HOME}/.multimc5 |
303 | blacklist ${HOME}/.mutt | 314 | blacklist ${HOME}/.mutt |
@@ -332,6 +343,7 @@ blacklist ${HOME}/.vst | |||
332 | blacklist ${HOME}/.w3m | 343 | blacklist ${HOME}/.w3m |
333 | blacklist ${HOME}/.warzone2100-3.* | 344 | blacklist ${HOME}/.warzone2100-3.* |
334 | blacklist ${HOME}/.weechat | 345 | blacklist ${HOME}/.weechat |
346 | blacklist ${HOME}/.wgetrc | ||
335 | blacklist ${HOME}/.wine | 347 | blacklist ${HOME}/.wine |
336 | blacklist ${HOME}/.wine64 | 348 | blacklist ${HOME}/.wine64 |
337 | blacklist ${HOME}/.xiphos | 349 | blacklist ${HOME}/.xiphos |
@@ -350,6 +362,7 @@ blacklist ${HOME}/.cache/INRIA | |||
350 | blacklist ${HOME}/.cache/QuiteRss | 362 | blacklist ${HOME}/.cache/QuiteRss |
351 | blacklist ${HOME}/.cache/attic | 363 | blacklist ${HOME}/.cache/attic |
352 | blacklist ${HOME}/.cache/borg | 364 | blacklist ${HOME}/.cache/borg |
365 | blacklist ${HOME}/.cache/calibre | ||
353 | blacklist ${HOME}/.cache/champlain | 366 | blacklist ${HOME}/.cache/champlain |
354 | blacklist ${HOME}/.cache/chromium | 367 | blacklist ${HOME}/.cache/chromium |
355 | blacklist ${HOME}/.cache/qupzilla | 368 | blacklist ${HOME}/.cache/qupzilla |
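Review bot: `blacklist ${HOME}/.local/share/ktorrentrc` (new line 277) reuses the config file's name under the data directory, where an rc file would not normally live; the config itself is already covered by the new `blacklist ${HOME}/.config/ktorrentrc` at line 110. If the intent was to hide ktorrent's data directory, the entry likely matches nothing and that directory stays visible to other sandboxed programs. Probably `blacklist ${HOME}/.local/share/ktorrent` was meant; please confirm against the `noblacklist` lines in ktorrent.profile, which is not part of this view. The `${HOME}./config/gpicview` and `${HOME}./local/share/dino` corrections elsewhere in this section look right.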
diff --git a/etc/dragon.profile b/etc/dragon.profile index 661f663c3..d099f1d9d 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | novideo | ||
21 | shell none | 22 | shell none |
22 | seccomp | 23 | seccomp |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index e0097a8ea..19076704b 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | caps | 14 | caps |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | novideo | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | 20 | ||
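diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
new file mode 100644
index 000000000..ba28e3550
--- /dev/null
+++ b/etc/ebook-viewer.profile
@@ -0,0 +1,10 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ebook-viewer.local
+
+# Firejail profile for ebook-viewer (Calibre)
+include /etc/firejail/calibre.profile
+net none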
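Review bot: `net none` at line 10 has no comment explaining why the viewer is cut off from the network while the included calibre.profile keeps `netfilter` and `protocol unix,inet,inet6`. A one-line note such as `# viewer only opens local files; network disabled on top of calibre.profile` would keep a later edit from dropping it as redundant. It is also worth mentioning in the header that including calibre.profile pulls in calibre.local too, so customizations made there affect this profile as well.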
diff --git a/etc/elinks.profile b/etc/elinks.profile index 76a7e6b94..597e43fb8 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -14,11 +14,12 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | no3d | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | nosound | 21 | nosound |
21 | no3d | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | netfilter | 25 | netfilter |
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index f409a8dd4..081a5f6b0 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -16,6 +16,7 @@ nogroups | |||
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | nosound | 18 | nosound |
19 | novideo | ||
19 | protocol unix | 20 | protocol unix |
20 | seccomp | 21 | seccomp |
21 | netfilter | 22 | netfilter |
diff --git a/etc/eog.profile b/etc/eog.profile index 447a41a86..1b9926ec9 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -24,6 +24,7 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | novideo | ||
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
29 | shell none | 30 | shell none |
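--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -19,6 +19,7 @@ nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none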
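--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -22,6 +22,7 @@ nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none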
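--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/file.local
 
 # file profile
-quiet
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc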
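--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -13,7 +13,10 @@ noblacklist ~/.local/share/qpdfview
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.local/share/okular
+noblacklist ~/.config/okularpartrc
+noblacklist ~/.config/okularrc
 noblacklist ~/.pki
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -48,6 +51,8 @@ whitelist ~/.pki
 whitelist ~/.lastpass
 whitelist ~/.config/qpdfview
 whitelist ~/.local/share/qpdfview
+whitelist ~/.config/okularrc
+whitelist ~/.config/okularpartrc
 whitelist ~/.kde4/share/apps/okular
 whitelist ~/.kde/share/apps/okular
 whitelist ~/.local/share/okular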
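Review bot: The two new `whitelist` lines for `~/.config/okularrc` and `~/.config/okularpartrc` in the second hunk expose another application's configuration to the browser sandbox with write access. thunderbird.profile in this same commit pairs each whitelisted path with `read-only`; doing the same here, `read-only ~/.config/okularrc` and `read-only ~/.config/okularpartrc`, would keep a compromised browser process from changing how the viewer behaves outside the sandbox. If Okular started from inside the sandbox is expected to save its settings, a comment should say so instead. The profile continues beyond both hunks.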
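--- /dev/null
+++ b/etc/ghb.profile
@@ -0,0 +1,9 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ghb.local
+
+# HandBrake
+include /etc/firejail/handbrake.profile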
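--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@@ -1,4 +1,8 @@
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/gimp-2.8.local
+
 include /etc/firejail/gimp.profile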
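--- a/etc/git.profile
+++ b/etc/git.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/git.local
 
 # git profile
-quiet
 noblacklist ~/.gitconfig
 noblacklist ~/.ssh
 noblacklist ~/.gnupg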
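--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,5 +7,4 @@ include /etc/firejail/globals.local
 include /etc/firejail/gtar.local
 
 # gtar profile
-quiet
 include /etc/firejail/tar.profile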
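--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/gzip.local
 
 # gzip profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 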
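--- /dev/null
+++ b/etc/handbrake-gtk.profile
@@ -0,0 +1,9 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/handbrake-gtk.local
+
+# HandBrake
+include /etc/firejail/handbrake.profile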
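--- /dev/null
+++ b/etc/handbrake.profile
@@ -0,0 +1,30 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/handbrake.local
+
+noblacklist ~/.config/ghb
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+# netlink required!
+protocol unix,inet,inet6,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+#private-dev
+private-tmp
+nosound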
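Review bot: The comment block at new lines 21-23 says the commands below can be enabled depending on usage, but `nogroups`, `shell none`, `private-tmp` and `nosound` under it are already active, so a reader cannot tell which restrictions are optional. The profile also omits `include /etc/firejail/disable-devel.inc` and leaves `private-dev` commented out, while mplayer.profile and smplayer.profile added in this commit enable both. For a tool that parses untrusted media files, that difference deserves either the same hardening or a comment saying what breaks. The `# netlink required!` remark would help more if it named the component that needs it.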
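--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+machine-id
 net none
 no3d
 nogroups
@@ -28,8 +29,8 @@ seccomp
 shell none
 tracelog
 
-private-bin keepassx
-private-etc fonts
+private-bin keepassx,keepassx2
+private-etc fonts,machine-id
 private-dev
 private-tmp
 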
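--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -8,6 +8,8 @@ include /etc/firejail/ktorrent.local
 ################################
 # Generic GUI application profile
 ################################
+noblacklist ~/.config/ktorrentrc
+noblacklist ~/.local/share/ktorrent
 noblacklist ~/.kde/share/config/ktorrentrc
 noblacklist ~/.kde4/share/config/ktorrentrc
 noblacklist ~/.kde/share/apps/ktorrent
@@ -16,7 +18,10 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-
+mkfile ~/.config/ktorrentrc
+whitelist ~/.config/ktorrentrc
+mkdir ~/.local/share/ktorrent
+whitelist ~/.local/share/ktorrent
 mkdir ~/.kde/share/config/ktorrentrc
 whitelist ~/.kde/share/config/ktorrentrc
 mkdir ~/.kde4/share/config/ktorrentrc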
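Review bot: The added `mkfile ~/.config/ktorrentrc` treats ktorrentrc as a file, but the context lines right below it still run `mkdir` on `~/.kde/share/config/ktorrentrc` and `~/.kde4/share/config/ktorrentrc`. That would create directories at paths the application presumably expects to be its configuration file. For consistency with the new lines these should read `mkfile ~/.kde/share/config/ktorrentrc` and `mkfile ~/.kde4/share/config/ktorrentrc`. The profile continues past the end of this hunk, so any further ktorrentrc lines there need the same check.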
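--- a/etc/less.profile
+++ b/etc/less.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/less.local
 
 # less profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 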
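--- a/etc/mate-calculator.profile
+++ b/etc/mate-calculator.profile
@@ -1,4 +1,8 @@
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/mate-calculator.local
+
 #include /etc/firejail/mate-calc.profile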
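--- /dev/null
+++ b/etc/mplayer.profile
@@ -0,0 +1,31 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/mplayer.local
+
+# mplayer profile
+noblacklist ${HOME}/.mplayer
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+# nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-dev
+private-tmp
+private-bin mplayer
+
+noexec ${HOME}
+noexec /tmp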
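Review bot: `#ipc-namespace` and `# nogroups` are left commented out with no reason given, and `netlink` is allowed in `protocol` without explanation; smplayer.profile in this commit repeats all three. A media player handles untrusted files, so each relaxation should carry a one-line comment, for example `# nogroups disabled: <reason to be filled in by the author>`, so users can tell whether it is safe to tighten in their .local file. If no reason is known, it is worth testing with `nogroups` enabled and `netlink` removed before shipping the looser defaults.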
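--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -6,7 +6,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/qpdfview.local
 
 # qpdfview profile
-noblacklist ${HOME}./config/qt5ct
+noblacklist ${HOME}/.config/qt5ct
 noblacklist ${HOME}/.config/qpdfview
 noblacklist ${HOME}/.local/share/qpdfview
 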
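--- a/etc/server.profile
+++ b/etc/server.profile
@@ -18,6 +18,7 @@ blacklist /tmp/.X11-unix
 no3d
 nosound
 seccomp
+caps
 
 private
 private-dev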
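Review bot: The added `caps` enables firejail's default capabilities filter, which removes a fixed set of capabilities and leaves the others available to root processes in the sandbox; nothing in the hunk says so. A comment such as `# default capabilities filter; for a specific daemon prefer caps.keep with an explicit list in the .local file` would tell administrators that this is a baseline rather than least privilege. The profile starts and ends outside the hunk.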
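--- /dev/null
+++ b/etc/smplayer.profile
@@ -0,0 +1,32 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/smplayer.local
+
+# smplayer profile
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.mplayer
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+# nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-dev
+private-tmp
+private-bin smplayer,mplayer
+
+noexec ${HOME}
+noexec /tmp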
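--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/ssh-agent.local
 
 # ssh-agent
-quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
 noblacklist /etc/ssh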
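--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/ssh.local
 
 # ssh client
-quiet
 noblacklist ~/.ssh
 noblacklist /tmp/ssh-*
 noblacklist /etc/ssh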
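--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/strings.local
 
 # strings profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 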
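--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/tar.local
 
 # tar profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 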
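--- a/etc/thunar.profile
+++ b/etc/thunar.profile
@@ -1,4 +1,8 @@
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/thunar.local
+
 include /etc/firejail/Thunar.profile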
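--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -25,6 +25,11 @@ noblacklist ~/.cache/thunderbird
 mkdir ~/.cache/thunderbird
 whitelist ~/.cache/thunderbird
 
+whitelist ~/.config/mimeapps.list
+read-only ~/.config/mimeapps.list
+whitelist ~/.local/share/applications
+read-only ~/.local/share/applications
+
 # allow browsers
 ignore private-tmp
 include /etc/firejail/firefox.profile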
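--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/unrar.local
 
 # unrar profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 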
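--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/unzip.local
 
 # unzip profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 blacklist /tmp/.X11-unix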
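--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/uudeview.local
 
 # uudeview profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 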
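--- a/etc/vivaldi-beta.profile
+++ b/etc/vivaldi-beta.profile
@@ -6,4 +6,4 @@ include /etc/firejail/globals.local
 include /etc/firejail/vivaldi-beta.local
 
 # Vivaldi Beta browser profile
-include /etc/firejail/vivaldi-stable.profile
+include /etc/firejail/vivaldi.profile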
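--- a/etc/vivaldi-stable.profile
+++ b/etc/vivaldi-stable.profile
@@ -4,19 +4,5 @@ include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/vivaldi.local
-noblacklist ~/.cache/vivaldi
 
-# Vivaldi browser profile
-noblacklist ~/.config/vivaldi
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-devel.inc
-
-netfilter
-
-whitelist ${DOWNLOADS}
-mkdir ~/.config/vivaldi
-whitelist ~/.config/vivaldi
-mkdir ~/.cache/vivaldi
-whitelist ~/.cache/vivaldi
-include /etc/firejail/whitelist-common.inc
+include /etc/firejail/vivaldi.profile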
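Review bot: After this change vivaldi-stable.profile includes `/etc/firejail/vivaldi.local` (new line 6) and then vivaldi.profile, which includes the same vivaldi.local itself, so that file is read twice and the stable alias has no override file of its own. vivaldi-beta.profile in this commit includes its own `vivaldi-beta.local`; the matching line here would be `include /etc/firejail/vivaldi-stable.local`. The first lines of the file are outside the hunk.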
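--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -6,4 +6,19 @@ include /etc/firejail/globals.local
 include /etc/firejail/vivaldi.local
 
 # Vivaldi browser profile
-include /etc/firejail/vivaldi-stable.profile
+noblacklist ~/.cache/vivaldi
+
+# Vivaldi browser profile
+noblacklist ~/.config/vivaldi
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+netfilter
+
+whitelist ${DOWNLOADS}
+mkdir ~/.config/vivaldi
+whitelist ~/.config/vivaldi
+mkdir ~/.cache/vivaldi
+whitelist ~/.cache/vivaldi
+include /etc/firejail/whitelist-common.inc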
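Review bot: The comment `# Vivaldi browser profile` now appears twice, at new lines 8 and 11, because the moved block brought its own copy; the second one can be dropped. The moved rules contain no `caps.drop`, `nonewprivs` or `seccomp`, presumably because the browser's own sandbox needs them. A one-line comment stating that would keep later edits from reading the omission as an oversight.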
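--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -24,7 +24,7 @@ seccomp
 shell none
 
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
-# private-dev
+private-dev
 private-tmp
 
 noexec ${HOME}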
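Review bot: `private-dev` is switched on at new line 27 with no comment, and a restricted /dev hides device nodes that some users may rely on for playback or capture. A line such as `# private-dev limits /dev to a small set of nodes; add "ignore private-dev" to the .local file if a required device disappears` keeps the hardening on by default while showing how to opt out without editing the shipped profile. The profile starts and ends outside the hunk.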
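--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/wget.local
 
 # wget profile
-quiet
+noblacklist ~/.wgetrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc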
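Review bot: `noblacklist ~/.wgetrc` (new line 10) makes the startup file reachable, and that file can carry proxy settings and stored credentials, yet nothing keeps the sandboxed process from rewriting it. Adding `read-only ~/.wgetrc` next to it, as thunderbird.profile in this commit does for its whitelisted paths, would let wget read its configuration without being able to change it. The rest of the profile is outside the hunk, so whether the home directory is otherwise writable cannot be confirmed from here.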
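--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,5 +7,4 @@ include /etc/firejail/globals.local
 include /etc/firejail/xz.local
 
 # xz profile
-quiet
 include /etc/firejail/cpio.profile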
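--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
@@ -6,7 +7,6 @@ include /etc/firejail/globals.local
 include /etc/firejail/xzdec.local
 
 # xzdec profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 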
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 8d925a354..e1ed3ccab 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -1,3 +1,4 @@ | |||
1 | quiet | ||
1 | # Persistent global definitions go here | 2 | # Persistent global definitions go here |
2 | include /etc/firejail/globals.local | 3 | include /etc/firejail/globals.local |
3 | 4 | ||
@@ -24,7 +25,6 @@ protocol unix,inet,inet6 | |||
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
26 | tracelog | 27 | tracelog |
27 | quiet | ||
28 | 28 | ||
29 | private-dev | 29 | private-dev |
30 | 30 | ||