author | netblue30 <netblue30@yahoo.com> | 2017-09-17 11:27:51 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-09-17 11:27:51 -0400 |
commit | efcda9cb5f9da6f8bed95313b7f7a93b26b390ce (patch) | |
tree | 7b1853c836759005f4ce73b21c06af0c3ba538ff /etc | |
parent | README.md description (diff) | |
whitelisting /var
Diffstat (limited to 'etc')
-rw-r--r-- | etc/chromium.profile | 1 | ||||
-rw-r--r-- | etc/firefox.profile | 1 | ||||
-rw-r--r-- | etc/galculator.profile | 1 | ||||
-rw-r--r-- | etc/gimp.profile | 2 | ||||
-rw-r--r-- | etc/inkscape.profile | 2 | ||||
-rw-r--r-- | etc/leafpad.profile | 2 | ||||
-rw-r--r-- | etc/mousepad.profile | 2 | ||||
-rw-r--r-- | etc/mpv.profile | 2 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 1 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 1 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | etc/whitelist-var-common.inc | 10 |
12 files changed, 27 insertions, 0 deletions
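--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -23,6 +23,7 @@ whitelist ~/.config/chromium
 whitelist ~/.config/chromium-flags.conf
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.keep sys_chroot,sys_admin
 netfilter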
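--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -59,6 +59,7 @@ whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter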
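--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 mkdir ~/.config/galculator
 whitelist ~/.config/galculator
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none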
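--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 nodvd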
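--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd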
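--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d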
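--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd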
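--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nogroups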
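--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -19,6 +19,7 @@ whitelist ${DOWNLOADS}
 whitelist ~/.cache/transmission
 whitelist ~/.config/transmission
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter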
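--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -19,6 +19,7 @@ whitelist ${DOWNLOADS}
 whitelist ~/.cache/transmission
 whitelist ~/.config/transmission
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter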
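--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 # nogroups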
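--- /dev/null
+++ b/etc/whitelist-var-common.inc
@@ -0,0 +1,10 @@
+# Local customizations come here
+include /etc/firejail/whitelist-var-common.local
+
+# common /var whitelist for all profiles
+
+whitelist /var/lib/dbus/machine-id
+whitelist /var/lib/menu-xdg
+whitelist /var/cache/fontconfig
+whitelist /var/tmp
+whitelist /var/run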
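Review bot: `whitelist /var/run` on the last line is by far the widest entry in this file: on most current distributions /var/run is a symlink to /run, so this presumably exposes every runtime socket and state directory on the host (the system D-Bus socket, container daemon sockets such as docker.sock where present, /run/user/&lt;uid&gt;), which undoes much of the benefit of putting /var into whitelist mode for the eleven profiles that now include this file. Consider narrowing it to the subpaths the included applications actually need — the D-Bus socket directory is the usual candidate — and confirm how firejail's whitelist resolves the /var/run → /run symlink on the target systems before relying on it. `whitelist /var/tmp` also deserves a caveat, since it is a persistent world-writable directory shared with the host and every other sandbox and is not covered by a profile's private /tmp if one is used; a comment such as `# /var/tmp is shared with the host and other sandboxes, unlike a private /tmp` would make that explicit. The header comment should additionally state that including this file switches /var to whitelist mode, so any profile that includes it loses access to everything under /var not listed here or added via the .local file.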