author | netblue30 <netblue30@yahoo.com> | 2016-03-27 09:13:22 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-27 09:13:22 -0400 |
commit | 570f845a012c8328fcd97839b728844ae1c640f2 (patch) | |
tree | 90b7c3428eec20d294d83511db72e6a3394df6d6 /etc | |
parent | lxterinal profile fix (diff) | |
consolidated disable-terminals into disable-common
Diffstat (limited to 'etc')
61 files changed, 61 insertions, 91 deletions
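--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -5,10 +5,11 @@ mkdir ~/.Wolfram Research
 whitelist ~/.Wolfram Research
 whitelist ~/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 noroot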
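--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -2,7 +2,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx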
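--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -3,7 +3,6 @@ noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 protocol unix,inet,inet6
 private
 private-dev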
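--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -2,7 +2,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 whitelist ${HOME}/cherrytree
 mkdir ~/.config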
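--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -4,7 +4,6 @@ noblacklist ~/.cache/chromium
 noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc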
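--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -1,7 +1,6 @@
 # Clementine media player profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 include /etc/firejail/disable-devel.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass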
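--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -2,7 +2,6 @@
 noblacklist ${HOME}/.conkeror.mozdev.org
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6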
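--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -2,7 +2,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx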
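--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -2,7 +2,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx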
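--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -125,3 +125,9 @@ blacklist /usr/local/sbin
 
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
+
+# disable terminals running as server
+blacklist ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal.wrapper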
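Review bot: The comment `# disable terminals running as server` on the added block does not say why these binaries are blocked, nor that the rule now reaches every profile that includes disable-common.inc. Profiles that, as far as their hunks show, never included disable-terminals.inc (lxterminal.profile in this commit) now pick up the blacklist as well, and a profile that legitimately needs one of these terminals would have to carry a `noblacklist ${PATH}/gnome-terminal` line ahead of the include. I would expand the comment to something like `# gnome-terminal and xfce4-terminal pass new windows to an already running server process outside the sandbox; blocked for every profile that includes this file`. The entries presumably cover only the launcher binaries found through ${PATH}, which is worth stating in the comment so the block is not read as a complete control.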
diff --git a/etc/disable-mgmt.inc b/etc/disable-mgmt.inc deleted file mode 100644 index e69de29bb..000000000 --- a/etc/disable-mgmt.inc +++ /dev/null | |||
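--- a/etc/disable-secret.inc
+++ /dev/null
@@ -1,23 +0,0 @@
-# HOME directory
-blacklist ${HOME}/.ssh
-blacklist ${HOME}/.gnome2/keyrings
-blacklist ${HOME}/kde4/share/apps/kwallet
-blacklist ${HOME}/kde/share/apps/kwallet
-blacklist ${HOME}/.local/share/kwalletd
-blacklist ${HOME}/.netrc
-blacklist ${HOME}/.gnupg
-blacklist ${HOME}/*.kdbx
-blacklist ${HOME}/*.kdb
-blacklist ${HOME}/*.key
-blacklist /etc/shadow
-blacklist /etc/gshadow
-blacklist /etc/passwd-
-blacklist /etc/group-
-blacklist /etc/shadow-
-blacklist /etc/gshadow-
-blacklist /etc/passwd+
-blacklist /etc/group+
-blacklist /etc/shadow+
-blacklist /etc/gshadow+
-blacklist /etc/ssh
-blacklist /var/backup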
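--- a/etc/disable-terminals.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-# disable terminals running as server
-blacklist ${PATH}/gnome-terminal
-blacklist ${PATH}/gnome-terminal.wrapper
-blacklist ${PATH}/xfce4-terminal
-blacklist ${PATH}/xfce4-terminal.wrapper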
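--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -4,7 +4,6 @@ noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 private
 private-dev
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open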
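--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,7 +1,6 @@
 # dropbox profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx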
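--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -2,7 +2,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp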
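--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -2,7 +2,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 whitelist ${DOWNLOADS}
 mkdir ${HOME}/.local
 mkdir ${HOME}/.local/share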
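--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -2,7 +2,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx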
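--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -3,7 +3,7 @@ noblacklist ${HOME}/.FBReader
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx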
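--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -4,7 +4,7 @@ noblacklist ${HOME}/.config/filezilla
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp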
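--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -6,7 +6,6 @@ noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 caps.drop all
 seccomp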
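--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -10,7 +10,6 @@ noblacklist ~/.cache/slimjet
 noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc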
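--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -3,7 +3,7 @@
 ################################
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx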
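--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -2,7 +2,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx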
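--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -4,7 +4,6 @@ noblacklist ~/.cache/google-chrome-beta
 noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc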
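--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -4,7 +4,6 @@ noblacklist ~/.cache/google-chrome-unstable
 noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc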
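--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -4,7 +4,6 @@ noblacklist ~/.cache/google-chrome
 noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc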
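--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -3,12 +3,10 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 caps.drop all
 noroot
 private-dev
-whitelist /tmp/.X11-unix
 seccomp
 tracelog
 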
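Review bot: The removal of `whitelist /tmp/.X11-unix` is not part of the disable-terminals consolidation named in the commit message, and it changes what the sandbox can see. As far as I know a whitelist entry under /tmp makes firejail mount an empty tmpfs there and bind in only the listed paths, so dropping the line would leave hedgewars with the host's whole /tmp rather than just the X11 socket directory. If the line was removed on purpose it deserves its own commit, or at least a profile comment such as `# /tmp is not whitelisted: <reason>`; otherwise I would keep `whitelist /tmp/.X11-unix`.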
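--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -3,7 +3,7 @@ noblacklist ${HOME}/.config/hexchat
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6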
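--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -3,12 +3,13 @@ noblacklist ${HOME}/.gnupg
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink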
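--- a/etc/lxterminal.profile
+++ b/etc/lxterminal.profile
@@ -2,14 +2,14 @@
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
-
 #noroot - somehow this breaks on Debian Jessie!
-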
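--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -3,7 +3,7 @@ noblacklist ${HOME}/.config/midori
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6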
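--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -3,7 +3,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 mkdir ${HOME}/.local
 mkdir ${HOME}/.local/share
 mkdir ${HOME}/.local/share/mupen64plus
@@ -11,6 +11,7 @@ whitelist ${HOME}/.local/share/mupen64plus/
 mkdir ${HOME}/.config
 mkdir ${HOME}/.config/mupen64plus
 whitelist ${HOME}/.config/mupen64plus/
+
 noroot
 caps.drop all
 seccomp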
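--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -1,12 +1,15 @@
 ################################
-# Generic GUI application profile
+# OpenBox window manager profile
+# - all applications started in OpenBox will run in
+# this profile
 ################################
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6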
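Review bot: The new header says every application started in OpenBox runs in this profile, but it stops short of naming what those applications inherit. Since the restrictions below (`caps.drop all`, `seccomp`, `protocol unix,inet,inet6`) and the blacklists pulled in through disable-common.inc, now including the gnome-terminal and xfce4-terminal entries, apply to the whole session, I would add a line such as `# - the filters and blacklists below apply to every program launched from the session`. That gives a user who finds a program failing inside the session a pointer to where the restriction comes from.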
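--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -5,7 +5,6 @@ noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 netfilter
 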
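--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -5,7 +5,6 @@ noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 netfilter
 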
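--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -2,13 +2,15 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 private-etc passwd,group,fonts
 private-bin parole,dbus-launch
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6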
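--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -3,8 +3,9 @@ noblacklist ${HOME}/.purple
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6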
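--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -2,7 +2,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 mkdir ${HOME}/.local
 mkdir ${HOME}/.local/share/
 mkdir ${HOME}/.local/share/Empathy
@@ -20,6 +20,7 @@ whitelist ${HOME}/.cache/telepathy
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
 include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6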
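--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6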
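--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -3,11 +3,12 @@ noblacklist ${HOME}/.config/tox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 mkdir ${HOME}/.config/tox
 whitelist ${HOME}/.config/tox
 whitelist ${DOWNLOADS}
 include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6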
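--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -2,8 +2,9 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6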
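--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -5,8 +5,6 @@ noblacklist ~/.cache/qutebrowser
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
-
 
 caps.drop all
 seccomp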
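--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6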
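--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -2,7 +2,7 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-terminals.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6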
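Review bot: Line 3 of the new `etc/rtorrent.profile` still reads `include /etc/firejail/disable-terminals.inc`; only the second copy on line 5 was removed, so the consolidation is incomplete for this profile. The other profiles visible in this commit that carry three includes have `include /etc/firejail/disable-programs.inc` in that position, which suggests line 3 was a typo and that rtorrent currently runs without the disable-programs blacklist (inferred from the sibling profiles, not confirmed here). If this commit also deletes `disable-terminals.inc`, which is not visible in this part of the page, the leftover include would point at a missing file. I would change line 3 to `include /etc/firejail/disable-programs.inc`.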
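--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -5,7 +5,6 @@ noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 caps.drop all
 seccomp
@@ -48,8 +47,6 @@ whitelist ~/.wine-pipelight64
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 
-
-
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
 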
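--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -3,7 +3,7 @@ noblacklist ${HOME}/.Skype
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 netfilter
 noroot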
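--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -2,11 +2,12 @@
 noblacklist ~/.ssh
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6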
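--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -4,7 +4,7 @@ noblacklist ${HOME}/.local/share/steam
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 netfilter
 noroot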
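--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -3,7 +3,6 @@ noblacklist ${HOME}/.TelegramDesktop
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 caps.drop all
 seccomp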
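--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6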
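--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6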
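--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6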
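--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -2,12 +2,13 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
+
 whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/uGet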
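--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -4,7 +4,7 @@ noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 private
 private-dev
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open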
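--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -5,7 +5,6 @@ noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 netfilter
 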
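--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -3,12 +3,13 @@ noblacklist ${HOME}/.config/vlc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6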
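--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -2,7 +2,7 @@
 noblacklist ${HOME}/.weechat
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6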
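--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -3,7 +3,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
 
 caps.drop all
 seccomp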
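--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -5,7 +5,7 @@ noblacklist ${HOME}/.wine
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 netfilter
 noroot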
diff --git a/etc/xchat.profile b/etc/xchat.profile index 552918750..ae1a6de53 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -3,7 +3,7 @@ noblacklist ${HOME}/.config/xchat | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-terminals.inc | 6 | |
7 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | seccomp |