aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar startx2017 <vradu.startx@yandex.com>2018-08-14 08:04:40 -0400
committerLibravatar startx2017 <vradu.startx@yandex.com>2018-08-14 08:04:40 -0400
commit327d3d815db6619cc81fa6858a8ca8667189f7b7 (patch)
treee6e3a70e1a876113afdbd5154c6bc7b215cb6ef8 /etc
parentphase1 (diff)
downloadfirejail-327d3d815db6619cc81fa6858a8ca8667189f7b7.tar.gz
firejail-327d3d815db6619cc81fa6858a8ca8667189f7b7.tar.zst
firejail-327d3d815db6619cc81fa6858a8ca8667189f7b7.zip
merge 0.9.56-rc1
Diffstat (limited to 'etc')
-rw-r--r--etc/Viber.profile2
-rw-r--r--etc/amarok.profile2
-rw-r--r--etc/ardour5.profile2
-rw-r--r--etc/arm.profile2
-rw-r--r--etc/beaker.profile19
-rw-r--r--etc/bibletime.profile2
-rw-r--r--etc/bitcoin-qt.profile2
-rw-r--r--etc/cmus.profile2
-rw-r--r--etc/curl.profile2
-rw-r--r--etc/digikam.profile2
-rw-r--r--etc/dino.profile2
-rw-r--r--etc/disable-programs.inc1
-rw-r--r--etc/discord-common.profile4
-rw-r--r--etc/electrum.profile52
-rw-r--r--etc/elinks.profile2
-rw-r--r--etc/flameshot.profile2
-rw-r--r--etc/gitter.profile2
-rw-r--r--etc/gjs.profile2
-rw-r--r--etc/gnome-clocks.profile2
-rw-r--r--etc/gnome-maps.profile2
-rw-r--r--etc/gnome-music.profile2
-rw-r--r--etc/gnome-weather.profile2
-rw-r--r--etc/goobox.profile2
-rw-r--r--etc/gpredict.profile2
-rw-r--r--etc/lynx.profile2
-rw-r--r--etc/mate-dictionary.profile2
-rw-r--r--etc/mcabber.profile2
-rw-r--r--etc/minetest.profile2
-rw-r--r--etc/ms-office.profile2
-rw-r--r--etc/musixmatch.profile2
-rw-r--r--etc/parole.profile2
-rw-r--r--etc/ping.profile2
-rw-r--r--etc/ppsspp.profile2
-rw-r--r--etc/qbittorrent.profile2
-rw-r--r--etc/qtox.profile2
-rw-r--r--etc/qupzilla.profile2
-rw-r--r--etc/ricochet.profile2
-rw-r--r--etc/rview.profile10
-rw-r--r--etc/rvim.profile10
-rw-r--r--etc/seamonkey.profile2
-rw-r--r--etc/simple-scan.profile2
-rw-r--r--etc/slack.profile2
-rw-r--r--etc/spotify.profile2
-rw-r--r--etc/tor.profile2
-rw-r--r--etc/totem.profile5
-rw-r--r--etc/transmission-cli.profile2
-rw-r--r--etc/unknown-horizons.profile2
-rw-r--r--etc/vimcat.profile10
-rw-r--r--etc/vimdiff.profile10
-rw-r--r--etc/vimpager.profile10
-rw-r--r--etc/vimtutor.profile10
-rw-r--r--etc/wget.profile2
-rw-r--r--etc/wire-desktop.profile4
-rw-r--r--etc/wireshark.profile2
-rw-r--r--etc/xiphos.profile2
-rw-r--r--etc/xonotic.profile3
-rw-r--r--etc/xplayer.profile2
-rw-r--r--etc/xviewer.profile2
-rw-r--r--etc/xxd.profile10
59 files changed, 195 insertions, 53 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 6a58da8c9..cb9d01e03 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -32,7 +32,7 @@ shell none
32 32
33disable-mnt 33disable-mnt
34private-bin sh,bash,dig,awk,Viber 34private-bin sh,bash,dig,awk,Viber
35private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies 35private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf
36private-tmp 36private-tmp
37 37
38noexec ${HOME} 38noexec ${HOME}
diff --git a/etc/amarok.profile b/etc/amarok.profile
index aff78e210..c728ce4ab 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -29,5 +29,5 @@ shell none
29 29
30# private-bin amarok 30# private-bin amarok
31private-dev 31private-dev
32# private-etc none 32# private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
33private-tmp 33private-tmp
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index aaac62bc8..99649cc3f 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -35,7 +35,7 @@ shell none
35#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm 35#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
36private-cache 36private-cache
37private-dev 37private-dev
38#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts 38#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
39private-tmp 39private-tmp
40 40
41noexec ${HOME} 41noexec ${HOME}
diff --git a/etc/arm.profile b/etc/arm.profile
index a89ee86cc..bebf05366 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -42,7 +42,7 @@ tracelog
42disable-mnt 42disable-mnt
43private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig 43private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig
44private-dev 44private-dev
45private-etc tor,passwd 45private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies
46private-tmp 46private-tmp
47 47
48noexec ${HOME} 48noexec ${HOME}
diff --git a/etc/beaker.profile b/etc/beaker.profile
new file mode 100644
index 000000000..9215576c7
--- /dev/null
+++ b/etc/beaker.profile
@@ -0,0 +1,19 @@
1# Firejail profile for beaker
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/beaker.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.config/Beaker Browser
9
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-interpreters.inc
12
13mkdir ${HOME}/.config/Beaker Browser
14whitelist ${HOME}/.config/Beaker Browser
15whitelist ${DOWNLOADS}
16include /etc/firejail/whitelist-common.inc
17
18# Redirect
19include /etc/firejail/electron.profile
diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index b84e8186b..fef7474a9 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -38,5 +38,5 @@ tracelog
38 38
39# private-bin bibletime,qt5ct 39# private-bin bibletime,qt5ct
40private-dev 40private-dev
41private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id 41private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies
42private-tmp 42private-tmp
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile
index 84c2c77de..efc11cc9c 100644
--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -40,7 +40,7 @@ tracelog
40private-bin bitcoin-qt 40private-bin bitcoin-qt
41private-dev 41private-dev
42# Causes problem with loading of libGL.so 42# Causes problem with loading of libGL.so
43#private-etc fonts 43#private-etc fonts,ca-certificates,ssl,pki,crypto-policies
44# Works, but QT complains about OpenSSL a bit. 44# Works, but QT complains about OpenSSL a bit.
45#private-lib 45#private-lib
46private-tmp 46private-tmp
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 3331bde22..a9f76ec80 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -26,4 +26,4 @@ seccomp
26shell none 26shell none
27 27
28private-bin cmus 28private-bin cmus
29private-etc group 29private-etc group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
diff --git a/etc/curl.profile b/etc/curl.profile
index 1d2515f51..d1a682e60 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -31,7 +31,7 @@ shell none
31# private-bin curl 31# private-bin curl
32private-cache 32private-cache
33private-dev 33private-dev
34# private-etc resolv.conf 34# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
35private-tmp 35private-tmp
36 36
37noexec ${HOME} 37noexec ${HOME}
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 2e1947419..b3b0de1bc 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -36,7 +36,7 @@ shell none
36 36
37# private-bin program 37# private-bin program
38# private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device 38# private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
39# private-etc none 39# private-etc ca-certificates,ssl,pki,crypto-policies
40private-tmp 40private-tmp
41 41
42noexec ${HOME} 42noexec ${HOME}
diff --git a/etc/dino.profile b/etc/dino.profile
index 5c9d44140..a39ec8931 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -35,7 +35,7 @@ shell none
35disable-mnt 35disable-mnt
36private-bin dino 36private-bin dino
37private-dev 37private-dev
38# private-etc fonts # breaks server connection 38# private-etc fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection
39private-tmp 39private-tmp
40 40
41noexec ${HOME} 41noexec ${HOME}
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6d5b45da8..d685fceed 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -46,6 +46,7 @@ blacklist ${HOME}/.config/0ad
46blacklist ${HOME}/.config/2048-qt 46blacklist ${HOME}/.config/2048-qt
47blacklist ${HOME}/.config/Atom 47blacklist ${HOME}/.config/Atom
48blacklist ${HOME}/.config/Audaciousrc 48blacklist ${HOME}/.config/Audaciousrc
49blacklist ${HOME}/.config/Beaker Browser
49blacklist ${HOME}/.config/Brackets 50blacklist ${HOME}/.config/Brackets
50blacklist ${HOME}/.config/Clementine 51blacklist ${HOME}/.config/Clementine
51blacklist ${HOME}/.config/Code 52blacklist ${HOME}/.config/Code
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index 9f0e02525..b835ce401 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -24,9 +24,9 @@ novideo
24protocol unix,inet,inet6,netlink 24protocol unix,inet,inet6,netlink
25seccomp 25seccomp
26 26
27private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep 27private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
28private-dev 28private-dev
29private-etc fonts,machine-id,localtime,ld.so.cache 29private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
30private-tmp 30private-tmp
31 31
32noexec ${HOME} 32noexec ${HOME}
diff --git a/etc/electrum.profile b/etc/electrum.profile
new file mode 100644
index 000000000..d611f3e61
--- /dev/null
+++ b/etc/electrum.profile
@@ -0,0 +1,52 @@
1# Firejail profile for electrum
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/electrum.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.electrum
9
10# Allow python (blacklisted by disable-interpreters.inc)
11noblacklist ${PATH}/python2*
12noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3*
15
16include /etc/firejail/disable-common.inc
17include /etc/firejail/disable-devel.inc
18include /etc/firejail/disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc
21include /etc/firejail/disable-xdg.inc
22
23mkdir ${HOME}/.electrum
24whitelist ${HOME}/.electrum
25include /etc/firejail/whitelist-common.inc
26include /etc/firejail/whitelist-var-common.inc
27
28caps.drop all
29ipc-namespace
30netfilter
31no3d
32#nodbus
33nodvd
34nogroups
35nonewprivs
36noroot
37nosound
38notv
39novideo
40protocol unix,inet,inet6
41seccomp
42shell none
43
44disable-mnt
45private-bin electrum,python*
46private-cache
47private-dev
48private-etc fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id
49private-tmp
50
51noexec ${HOME}
52noexec /tmp
diff --git a/etc/elinks.profile b/etc/elinks.profile
index 61fbab3cc..1da0360c7 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -34,5 +34,5 @@ tracelog
34# private-bin elinks 34# private-bin elinks
35private-cache 35private-cache
36private-dev 36private-dev
37# private-etc none 37# private-etc ca-certificates,ssl,pki,crypto-policies
38private-tmp 38private-tmp
diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index 7c2bc8c11..8dbd74cc1 100644
--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -33,7 +33,7 @@ shell none
33disable-mnt 33disable-mnt
34private-bin flameshot 34private-bin flameshot
35private-cache 35private-cache
36private-etc fonts,ca-certificates,ld.so.conf,resolv.conf,ssl 36private-etc fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
37private-dev 37private-dev
38private-tmp 38private-tmp
39 39
diff --git a/etc/gitter.profile b/etc/gitter.profile
index 2edbf8a4e..b5bedb66d 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -34,7 +34,7 @@ shell none
34 34
35disable-mnt 35disable-mnt
36private-bin bash,env,gitter 36private-bin bash,env,gitter
37private-etc fonts,pulse,resolv.conf 37private-etc fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
38private-opt Gitter 38private-opt Gitter
39private-dev 39private-dev
40private-tmp 40private-tmp
diff --git a/etc/gjs.profile b/etc/gjs.profile
index 9d439782c..6110cb71e 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -32,5 +32,5 @@ tracelog
32 32
33# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather 33# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
34private-dev 34private-dev
35# private-etc fonts 35# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
36private-tmp 36private-tmp
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index 4251f70ed..b0a6cf80e 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -32,7 +32,7 @@ tracelog
32disable-mnt 32disable-mnt
33# private-bin gnome-clocks 33# private-bin gnome-clocks
34private-dev 34private-dev
35# private-etc fonts 35# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
36private-tmp 36private-tmp
37 37
38noexec ${HOME} 38noexec ${HOME}
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index da73d9450..b747743fc 100644
--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -35,7 +35,7 @@ tracelog
35disable-mnt 35disable-mnt
36# private-bin gjs gnome-maps 36# private-bin gjs gnome-maps
37private-dev 37private-dev
38# private-etc fonts 38# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
39private-tmp 39private-tmp
40 40
41noexec ${HOME} 41noexec ${HOME}
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 90fb9814f..15710b363 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -38,7 +38,7 @@ tracelog
38 38
39private-bin gnome-music,python* 39private-bin gnome-music,python*
40private-dev 40private-dev
41# private-etc fonts 41# private-etc fonts,machine-id,pulse,asound.conf
42private-tmp 42private-tmp
43 43
44noexec ${HOME} 44noexec ${HOME}
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index 28c9e6d86..f2c6acac5 100644
--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -36,7 +36,7 @@ tracelog
36disable-mnt 36disable-mnt
37# private-bin gjs gnome-weather 37# private-bin gjs gnome-weather
38private-dev 38private-dev
39# private-etc fonts 39# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
40private-tmp 40private-tmp
41 41
42noexec ${HOME} 42noexec ${HOME}
diff --git a/etc/goobox.profile b/etc/goobox.profile
index 5e5aad95b..ca92b1540 100644
--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -29,5 +29,5 @@ tracelog
29 29
30# private-bin goobox 30# private-bin goobox
31private-dev 31private-dev
32# private-etc fonts 32# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
33# private-tmp 33# private-tmp
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 51f384751..58f79ac14 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -31,7 +31,7 @@ tracelog
31 31
32private-bin gpredict 32private-bin gpredict
33private-dev 33private-dev
34private-etc fonts,resolv.conf 34private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
35private-tmp 35private-tmp
36 36
37noexec ${HOME} 37noexec ${HOME}
diff --git a/etc/lynx.profile b/etc/lynx.profile
index 0f4de2fee..3c70800be 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -32,5 +32,5 @@ tracelog
32# private-bin lynx 32# private-bin lynx
33private-cache 33private-cache
34private-dev 34private-dev
35# private-etc none 35# private-etc ca-certificates,ssl,pki,crypto-policies
36private-tmp 36private-tmp
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index 6c9ed4499..b0bd99519 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -35,7 +35,7 @@ shell none
35 35
36disable-mnt 36disable-mnt
37private-bin mate-dictionary 37private-bin mate-dictionary
38private-etc fonts,resolv.conf 38private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
39private-opt mate-dictionary 39private-opt mate-dictionary
40private-dev 40private-dev
41private-tmp 41private-tmp
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 860de3f0a..aee153110 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -28,4 +28,4 @@ shell none
28 28
29private-bin mcabber 29private-bin mcabber
30private-dev 30private-dev
31private-etc null 31private-etc ca-certificates,ssl,pki,crypto-policies
diff --git a/etc/minetest.profile b/etc/minetest.profile
index cdbf21935..6497fa9ba 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -34,7 +34,7 @@ disable-mnt
34private-bin minetest 34private-bin minetest
35private-dev 35private-dev
36# private-etc needs to be updated, see #1702 36# private-etc needs to be updated, see #1702
37#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies 37#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
38private-tmp 38private-tmp
39 39
40noexec ${HOME} 40noexec ${HOME}
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
index 49bc4ad37..cedc5eff4 100644
--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -36,7 +36,7 @@ tracelog
36 36
37disable-mnt 37disable-mnt
38private-bin bash,fonts,env,jak,ms-office,python*,sh 38private-bin bash,fonts,env,jak,ms-office,python*,sh
39private-etc ca-certificates,resolv.conf,ssl 39private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
40private-dev 40private-dev
41private-tmp 41private-tmp
42 42
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index bc8965431..ba010d6a3 100644
--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -30,7 +30,7 @@ seccomp
30 30
31disable-mnt 31disable-mnt
32private-dev 32private-dev
33private-etc none 33private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
34 34
35noexec ${HOME} 35noexec ${HOME}
36noexec /tmp 36noexec /tmp
diff --git a/etc/parole.profile b/etc/parole.profile
index f98703bd6..df8f8e194 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -26,4 +26,4 @@ shell none
26 26
27private-bin parole,dbus-launch 27private-bin parole,dbus-launch
28private-cache 28private-cache
29private-etc passwd,group,fonts 29private-etc passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
diff --git a/etc/ping.profile b/etc/ping.profile
index db5390a41..2b20bf8c9 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -40,7 +40,7 @@ private
40#private-bin has mammoth problems with execvp: "No such file or directory" 40#private-bin has mammoth problems with execvp: "No such file or directory"
41private-dev 41private-dev
42# /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! 42# /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem!
43#private-etc resolv.conf,hosts 43#private-etc resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies
44private-tmp 44private-tmp
45 45
46# memory-deny-write-execute is built using seccomp; nonewprivs will kill it 46# memory-deny-write-execute is built using seccomp; nonewprivs will kill it
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index 073108464..3a40b6260 100644
--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -36,7 +36,7 @@ shell none
36 36
37# private-dev is disabled to allow controller support 37# private-dev is disabled to allow controller support
38#private-dev 38#private-dev
39private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies 39private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
40private-opt ppsspp 40private-opt ppsspp
41private-tmp 41private-tmp
42 42
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 2017beee4..eb15ff445 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -51,7 +51,7 @@ shell none
51 51
52private-bin qbittorrent,python* 52private-bin qbittorrent,python*
53private-dev 53private-dev
54# private-etc X11,fonts,xdg,resolv.conf 54# private-etc X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies
55# private-lib - problems on Arch 55# private-lib - problems on Arch
56private-tmp 56private-tmp
57 57
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 26697eeaa..92a8bbf28 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -34,7 +34,7 @@ tracelog
34 34
35disable-mnt 35disable-mnt
36private-bin qtox 36private-bin qtox
37private-etc fonts,resolv.conf,ld.so.cache,localtime 37private-etc fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies
38private-dev 38private-dev
39private-tmp 39private-tmp
40 40
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index 947689d96..e73e8a5e1 100644
--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -33,7 +33,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res
33# tracelog 33# tracelog
34 34
35private-dev 35private-dev
36# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse 36# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
37# private-tmp - interferes with the opening of downloaded files 37# private-tmp - interferes with the opening of downloaded files
38 38
39noexec ${HOME} 39noexec ${HOME}
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index e23e7c756..2e2143a54 100644
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -35,7 +35,7 @@ shell none
35disable-mnt 35disable-mnt
36private-bin ricochet,tor 36private-bin ricochet,tor
37private-dev 37private-dev
38#private-etc fonts,tor,X11,alternatives 38#private-etc fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies
39 39
40noexec ${HOME} 40noexec ${HOME}
41noexec /tmp 41noexec /tmp
diff --git a/etc/rview.profile b/etc/rview.profile
new file mode 100644
index 000000000..90481b019
--- /dev/null
+++ b/etc/rview.profile
@@ -0,0 +1,10 @@
1# Firejail profile for rview
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/rview.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/rvim.profile b/etc/rvim.profile
new file mode 100644
index 000000000..1070e9376
--- /dev/null
+++ b/etc/rvim.profile
@@ -0,0 +1,10 @@
1# Firejail profile for rvim
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/rvim.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index 423863cc2..365fd3a53 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -47,4 +47,4 @@ seccomp
47tracelog 47tracelog
48 48
49disable-mnt 49disable-mnt
50# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse 50# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 3e8a4e41b..a15576478 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -32,5 +32,5 @@ tracelog
32 32
33# private-bin simple-scan 33# private-bin simple-scan
34# private-dev 34# private-dev
35# private-etc fonts 35# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
36# private-tmp 36# private-tmp
diff --git a/etc/slack.profile b/etc/slack.profile
index 13106255b..91bf0a722 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -37,5 +37,5 @@ shell none
37disable-mnt 37disable-mnt
38private-bin slack,locale 38private-bin slack,locale
39private-dev 39private-dev
40private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies 40private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id
41private-tmp 41private-tmp
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 0688723c7..7f40d4399 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -46,7 +46,7 @@ tracelog
46disable-mnt 46disable-mnt
47private-bin spotify,bash,sh,zenity 47private-bin spotify,bash,sh,zenity
48private-dev 48private-dev
49private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf 49private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
50private-opt spotify 50private-opt spotify
51private-tmp 51private-tmp
52 52
diff --git a/etc/tor.profile b/etc/tor.profile
index cbe932104..6bfc1c9a6 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -44,7 +44,7 @@ private
44private-bin tor,bash 44private-bin tor,bash
45private-cache 45private-cache
46private-dev 46private-dev
47private-etc tor,passwd 47private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies
48private-tmp 48private-tmp
49 49
50noexec ${HOME} 50noexec ${HOME}
diff --git a/etc/totem.profile b/etc/totem.profile
index 3ac25440b..0acbc5127 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -31,9 +31,10 @@ seccomp
31shell none 31shell none
32 32
33private-bin totem 33private-bin totem
34private-cache 34# totem needs access to ~/.cache/tracker or it exits
35#private-cache
35private-dev 36private-dev
36# private-etc fonts 37# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
37private-tmp 38private-tmp
38 39
39noexec ${HOME} 40noexec ${HOME}
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 8b50859fc..849f9ed49 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -30,7 +30,7 @@ tracelog
30 30
31# private-bin transmission-cli 31# private-bin transmission-cli
32private-dev 32private-dev
33private-etc none 33private-etc ca-certificates,ssl,pki,crypto-policies
34private-tmp 34private-tmp
35 35
36memory-deny-write-execute 36memory-deny-write-execute
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 34c148ee9..985998382 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -27,5 +27,5 @@ shell none
27 27
28# private-bin unknown-horizons 28# private-bin unknown-horizons
29private-dev 29private-dev
30# private-etc none 30# private-etc ca-certificates,ssl,pki,crypto-policies
31private-tmp 31private-tmp
diff --git a/etc/vimcat.profile b/etc/vimcat.profile
new file mode 100644
index 000000000..5067c2fd1
--- /dev/null
+++ b/etc/vimcat.profile
@@ -0,0 +1,10 @@
1# Firejail profile for vimcat
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/vimcat.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile
new file mode 100644
index 000000000..f89a2c112
--- /dev/null
+++ b/etc/vimdiff.profile
@@ -0,0 +1,10 @@
1# Firejail profile for vimdiff
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/vimdiff.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/vimpager.profile b/etc/vimpager.profile
new file mode 100644
index 000000000..8bc7cc26a
--- /dev/null
+++ b/etc/vimpager.profile
@@ -0,0 +1,10 @@
1# Firejail profile for vimpager
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/vimpager.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile
new file mode 100644
index 000000000..83851d37e
--- /dev/null
+++ b/etc/vimtutor.profile
@@ -0,0 +1,10 @@
1# Firejail profile for vimtutor
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/vimtutor.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
diff --git a/etc/wget.profile b/etc/wget.profile
index a16d770f2..c509faecc 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -32,7 +32,7 @@ shell none
32 32
33# private-bin wget 33# private-bin wget
34private-dev 34private-dev
35# private-etc resolv.conf 35# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
36# private-tmp 36# private-tmp
37 37
38noexec ${HOME} 38noexec ${HOME}
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index e65cfc43c..64d2cefd5 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -33,8 +33,8 @@ shell none
33# Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore 33# Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore
34# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" 34# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
35 35
36disable-mnt
36private-bin wire-desktop 37private-bin wire-desktop
37private-dev 38private-dev
38private-etc fonts,machine-id,resolv.conf 39private-etc fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
39disable-mnt
40private-tmp 40private-tmp
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 2b597ba35..d45198f6a 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -42,7 +42,7 @@ tracelog
42 42
43# private-bin wireshark 43# private-bin wireshark
44private-dev 44private-dev
45# private-etc fonts,group,hosts,machine-id,passwd 45# private-etc fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
46private-tmp 46private-tmp
47 47
48noexec ${HOME} 48noexec ${HOME}
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 9358fe192..14aced0d9 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -36,5 +36,5 @@ tracelog
36 36
37private-bin xiphos 37private-bin xiphos
38private-dev 38private-dev
39private-etc fonts,resolv.conf,sword 39private-etc fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
40private-tmp 40private-tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index 1d2493f36..a5cfa7513 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -33,8 +33,7 @@ shell none
33disable-mnt 33disable-mnt
34private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl 34private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
35private-dev 35private-dev
36# private-etc breaks audio on some distros 36private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
37#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
38private-tmp 37private-tmp
39 38
40noexec ${HOME} 39noexec ${HOME}
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 46579ead8..f51362b6b 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -39,7 +39,7 @@ tracelog
39 39
40private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer 40private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
41private-dev 41private-dev
42# private-etc fonts 42# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
43private-tmp 43private-tmp
44 44
45noexec ${HOME} 45noexec ${HOME}
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index aa582a56a..7ecc1ca0b 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -37,7 +37,7 @@ tracelog
37 37
38private-bin xviewer 38private-bin xviewer
39private-dev 39private-dev
40private-etc fonts 40#private-etc fonts
41private-lib 41private-lib
42private-tmp 42private-tmp
43 43
diff --git a/etc/xxd.profile b/etc/xxd.profile
new file mode 100644
index 000000000..59dac5a91
--- /dev/null
+++ b/etc/xxd.profile
@@ -0,0 +1,10 @@
1# Firejail profile for xxd
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/xxd.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9# Redirect
10include /etc/firejail/vim.profile
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-26 13:19:27 +0000