diff options
author | netblue30 <netblue30@yahoo.com> | 2018-03-30 14:22:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-03-30 14:22:54 -0400 |
commit | dd94e54c70e23496c4e3a841ca3fb0849cb96a9a (patch) | |
tree | d51885bf61ec6ca306ad99076f263b9f73a8bc45 /etc | |
parent | testing (diff) | |
parent | redirect knotes to kmail, some tweaks (diff) | |
download | firejail-dd94e54c70e23496c4e3a841ca3fb0849cb96a9a.tar.gz firejail-dd94e54c70e23496c4e3a841ca3fb0849cb96a9a.tar.zst firejail-dd94e54c70e23496c4e3a841ca3fb0849cb96a9a.zip |
Merge branch 'master' of http://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r-- | etc/akonadi_control.profile | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/kmail.profile | 2 | ||||
-rw-r--r-- | etc/knotes.profile | 34 | ||||
-rw-r--r-- | etc/krunner.profile | 1 | ||||
-rw-r--r-- | etc/smplayer.profile | 2 | ||||
-rw-r--r-- | etc/vlc.profile | 2 |
7 files changed, 14 insertions, 32 deletions
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 296b25b83..3a4404b28 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile | |||
@@ -23,8 +23,8 @@ include /etc/firejail/disable-programs.inc | |||
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include /etc/firejail/whitelist-var-common.inc |
25 | 25 | ||
26 | # the default mysqld-akonadi apparmor profile in debian and ubuntu | 26 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. |
27 | # is not compatible with the commented options below | 27 | # this affects ubuntu and debian currently |
28 | 28 | ||
29 | # apparmor | 29 | # apparmor |
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3842a46f1..a6f12f3db 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -385,6 +385,7 @@ blacklist ${HOME}/.local/share/kate | |||
385 | blacklist ${HOME}/.local/share/kdenlive | 385 | blacklist ${HOME}/.local/share/kdenlive |
386 | blacklist ${HOME}/.local/share/kget | 386 | blacklist ${HOME}/.local/share/kget |
387 | blacklist ${HOME}/.local/share/kmail2 | 387 | blacklist ${HOME}/.local/share/kmail2 |
388 | blacklist ${HOME}/.local/share/knotes | ||
388 | blacklist ${HOME}/.local/share/krita | 389 | blacklist ${HOME}/.local/share/krita |
389 | blacklist ${HOME}/.local/share/ktorrentrc | 390 | blacklist ${HOME}/.local/share/ktorrentrc |
390 | blacklist ${HOME}/.local/share/ktorrent | 391 | blacklist ${HOME}/.local/share/ktorrent |
diff --git a/etc/kmail.profile b/etc/kmail.profile index f095b5853..3e425b62e 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -28,6 +28,8 @@ include /etc/firejail/disable-devel.inc | |||
28 | include /etc/firejail/disable-passwdmgr.inc | 28 | include /etc/firejail/disable-passwdmgr.inc |
29 | include /etc/firejail/disable-programs.inc | 29 | include /etc/firejail/disable-programs.inc |
30 | 30 | ||
31 | include /etc/firejail/whitelist-var-common.inc | ||
32 | |||
31 | # apparmor | 33 | # apparmor |
32 | caps.drop all | 34 | caps.drop all |
33 | netfilter | 35 | netfilter |
diff --git a/etc/knotes.profile b/etc/knotes.profile index 85b267f8b..4bbbd332d 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -5,34 +5,12 @@ include /etc/firejail/knotes.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/akonadi* | 8 | # knotes has problems launching akonadi in debian and ubuntu. |
9 | noblacklist ${HOME}/.config/knotesrc | 9 | # one solution is to have akonadi already running when knotes is started |
10 | noblacklist ${HOME}/.local/share/akonadi* | ||
11 | noblacklist /tmp/akonadi-* | ||
12 | |||
13 | include /etc/firejail/disable-common.inc | ||
14 | include /etc/firejail/disable-devel.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | 10 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 11 | noblacklist ${HOME}/.config/knotesrc |
19 | 12 | noblacklist ${HOME}/.local/share/knotes | |
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | nosound | ||
27 | notv | ||
28 | novideo | ||
29 | protocol unix | ||
30 | seccomp | ||
31 | shell none | ||
32 | tracelog | ||
33 | 13 | ||
34 | private-dev | ||
35 | # private-tmp - interrupts connection to akonadi | ||
36 | 14 | ||
37 | noexec ${HOME} | 15 | # Redirect |
38 | noexec /tmp | 16 | include /etc/firejail/kmail.profile |
diff --git a/etc/krunner.profile b/etc/krunner.profile index 8382a5c66..17526c4ea 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/globals.local | |||
11 | 11 | ||
12 | # noblacklist ${HOME}/.cache/krunner | 12 | # noblacklist ${HOME}/.cache/krunner |
13 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite | 13 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite |
14 | # noblacklist ${HOME}/.config/chromium | ||
14 | noblacklist ${HOME}/.config/krunnerrc | 15 | noblacklist ${HOME}/.config/krunnerrc |
15 | noblacklist ${HOME}/.kde/share/config/krunnerrc | 16 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
16 | noblacklist ${HOME}/.kde4/share/config/krunnerrc | 17 | noblacklist ${HOME}/.kde4/share/config/krunnerrc |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 60af4cf17..187b0674a 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
@@ -18,7 +18,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | apparmor | 18 | apparmor |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | # nodbus | 21 | # nodbus - problems with KDE |
22 | # nogroups | 22 | # nogroups |
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 0b362eb32..c8c84b992 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -19,7 +19,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
19 | apparmor | 19 | apparmor |
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | # nodbus | 22 | # nodbus - problems with KDE |
23 | # nogroups | 23 | # nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |