author | netblue30 <netblue30@yahoo.com> | 2017-09-25 11:20:40 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-09-25 11:20:40 -0400 |
commit | 96fcbcbbbfb360937197c95f2b7b85d09bdb95d9 (patch) | |
tree | 9ac73467d1cf964a7c75b9658dbe5457960c9f41 /etc | |
parent | fix firecfg (diff) | |
parent | add whitelist-var-common to some profiles (diff) | |
download | firejail-96fcbcbbbfb360937197c95f2b7b85d09bdb95d9.tar.gz firejail-96fcbcbbbfb360937197c95f2b7b85d09bdb95d9.tar.zst firejail-96fcbcbbbfb360937197c95f2b7b85d09bdb95d9.zip |
Merge branch 'master' of http://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ark.profile | 2 | ||||
-rw-r--r-- | etc/atril.profile | 2 | ||||
-rw-r--r-- | etc/audacious.profile | 2 | ||||
-rw-r--r-- | etc/audacity.profile | 2 | ||||
-rw-r--r-- | etc/baloo_file.profile | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/dnscrypt-proxy.profile | 3 | ||||
-rw-r--r-- | etc/dnsmasq.profile | 1 | ||||
-rw-r--r-- | etc/engrampa.profile | 2 | ||||
-rw-r--r-- | etc/eog.profile | 2 | ||||
-rw-r--r-- | etc/eom.profile | 2 | ||||
-rw-r--r-- | etc/evince.profile | 2 | ||||
-rw-r--r-- | etc/ffmpeg.profile | 12 | ||||
-rw-r--r-- | etc/file-roller.profile | 2 | ||||
-rw-r--r-- | etc/gwenview.profile | 2 | ||||
-rw-r--r-- | etc/konversation.profile | 2 | ||||
-rw-r--r-- | etc/ktorrent.profile | 1 | ||||
-rw-r--r-- | etc/mediathekview.profile | 2 | ||||
-rw-r--r-- | etc/musescore.profile | 2 | ||||
-rw-r--r-- | etc/okular.profile | 2 | ||||
-rw-r--r-- | etc/scribus.profile | 2 | ||||
-rw-r--r-- | etc/tuxguitar.profile | 2 | ||||
-rw-r--r-- | etc/unbound.profile | 3 | ||||
-rw-r--r-- | etc/xreader.profile | 2 | ||||
-rw-r--r-- | etc/xviewer.profile | 2 |
25 files changed, 49 insertions, 12 deletions
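--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd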
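--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd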
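--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nogroups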
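--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d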
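--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -17,6 +17,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd
@@ -29,8 +31,10 @@ novideo
 protocol unix
 # Baloo makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+shell none
 x11 xorg
 
+private-bin baloo_file,baloo_file_extractor,kbuildsycoca4
 private-dev
 private-tmp
 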
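Review bot: The new `private-bin baloo_file,baloo_file_extractor,kbuildsycoca4` line in the second hunk has no comment saying why `kbuildsycoca4` is listed, unlike the `seccomp.drop` line above it, which documents its deviation. A short comment such as `# kbuildsycoca4 is needed to rebuild the KDE service cache` (wording to be confirmed by whoever tested the profile) would tell the next maintainer what breaks if the entry is trimmed. The helper name is KDE4-specific, so it is worth checking whether installs on a newer KDE generation need a different binary here, since `private-bin` hides every program that is not listed.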
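--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -378,6 +378,7 @@ blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tooling
+blacklist ${HOME}/.tor-browser-en
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknow-horizons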
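Review bot: The added `blacklist ${HOME}/.tor-browser-en` covers only the English-locale directory, so a Tor Browser profile kept under a differently suffixed directory would stay readable from every sandbox that includes this file. The neighbouring `blacklist ${HOME}/.tuxguitar*` entry shows the list already uses globs; if other locale builds do use sibling directories, `blacklist ${HOME}/.tor-browser*` would cover them in one line. The list continues outside the hunk, so other Tor Browser entries may already exist there.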
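--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -9,7 +9,6 @@ blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
-noblacklist /var/log
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -31,4 +30,4 @@ private
 private-dev
 
 # mdwe can break modules/plugins
-# memory-deny-write-execute
+memory-deny-write-execute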
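Review bot: In the last hunk `memory-deny-write-execute` is now active, but the line above it still reads `# mdwe can break modules/plugins`, which was the reason for keeping it disabled and now gives the reader no guidance. Rewording it to something like `# mdwe can break modules/plugins - comment out the next line if a plugin fails to load` keeps the hardening on by default while telling users what to try first. The same stale comment is left above the newly enabled directive in etc/unbound.profile.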
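--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -9,7 +9,6 @@ blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
-noblacklist /var/log
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc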
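--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
 no3d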
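--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
 no3d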
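--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
 no3d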
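--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+# net none breaks AppArmor on Ubuntu systems
 netfilter
 no3d
 nodvd
@@ -28,7 +29,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-# net none breaks AppArmor on Ubuntu systems
 
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev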
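--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -1,4 +1,4 @@
-# Firejail profile for default
+# Firejail profile for ffmpeg
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d
@@ -23,11 +25,11 @@ noroot
 # protocol none - needs to be implemented!
 seccomp
 # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom
-# memory-deny-write-execute - it breaks old versions of ffmpeg
 shell none
 tracelog
 
-private-tmp
-private-dev
 private-bin ffmpeg
-include /etc/firejail/whitelist-var-common.inc
+private-dev
+private-tmp
+
+# memory-deny-write-execute - it breaks old versions of ffmpeg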
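--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
 no3d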
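--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -19,6 +19,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 nodvd
 nogroups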
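--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd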
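--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -31,6 +31,7 @@ whitelist ~/.kde4/share/apps/ktorrent
 whitelist ~/.kde4/share/config/ktorrentrc
 whitelist ~/.local/share/ktorrent
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter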
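--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -21,6 +21,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd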
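--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d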
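--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -36,7 +36,7 @@ seccomp
 shell none
 tracelog
 
-# private-bin okular,kbuildsycoca4,lpr
+# private-bin okular,kbuildsycoca4,kdeinit4,lpr
 private-dev
 # private-etc fonts,X11
 private-tmp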
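--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -26,6 +26,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 nodvd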
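--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d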
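--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -9,7 +9,6 @@ blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
-noblacklist /var/log
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -31,4 +30,4 @@ private
 private-dev
 
 # mdwe can break modules/plugins
-# memory-deny-write-execute
+memory-deny-write-execute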
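--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd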
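--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
 no3d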