diff options
author | netblue30 <netblue30@yahoo.com> | 2015-11-01 08:15:01 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-01 08:15:01 -0500 |
commit | 77d23460d3de0d1ce73326704378da759dcd6aad (patch) | |
tree | a7fcef54148130adf7144bba6c7779f44043f751 /etc | |
parent | --chroot testing (diff) | |
download | firejail-77d23460d3de0d1ce73326704378da759dcd6aad.tar.gz firejail-77d23460d3de0d1ce73326704378da759dcd6aad.tar.zst firejail-77d23460d3de0d1ce73326704378da759dcd6aad.zip |
added disable-devel.inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/audacious.profile | 1 | ||||
-rw-r--r-- | etc/chromium.profile | 1 | ||||
-rw-r--r-- | etc/clementine.profile | 1 | ||||
-rw-r--r-- | etc/deadbeef.profile | 1 | ||||
-rw-r--r-- | etc/deluge.profile | 1 | ||||
-rw-r--r-- | etc/disable-devel.inc | 29 | ||||
-rw-r--r-- | etc/empathy.profile | 1 | ||||
-rw-r--r-- | etc/evince.profile | 1 | ||||
-rw-r--r-- | etc/fbreader.profile | 1 | ||||
-rw-r--r-- | etc/filezilla.profile | 1 | ||||
-rw-r--r-- | etc/firefox.profile | 1 | ||||
-rw-r--r-- | etc/gnome-mplayer.profile | 1 | ||||
-rw-r--r-- | etc/midori.profile | 1 | ||||
-rw-r--r-- | etc/opera.profile | 1 | ||||
-rw-r--r-- | etc/pidgin.profile | 1 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 1 | ||||
-rw-r--r-- | etc/quassel.profile | 1 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 1 | ||||
-rw-r--r-- | etc/skype.profile | 1 | ||||
-rw-r--r-- | etc/spotify.profile | 1 | ||||
-rw-r--r-- | etc/steam.profile | 1 | ||||
-rw-r--r-- | etc/thunderbird.profile | 1 | ||||
-rw-r--r-- | etc/totem.profile | 1 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 1 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 1 | ||||
-rw-r--r-- | etc/vlc.profile | 1 | ||||
-rw-r--r-- | etc/wine.profile | 1 | ||||
-rw-r--r-- | etc/xchat.profile | 1 |
28 files changed, 56 insertions, 0 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile index be19e3924..fa9cbbc52 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/chromium.profile b/etc/chromium.profile index 117ecab92..bba2f0e10 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/chromium | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | netfilter | 7 | netfilter |
7 | whitelist ~/Downloads | 8 | whitelist ~/Downloads |
8 | whitelist ~/.config/chromium | 9 | whitelist ~/.config/chromium |
diff --git a/etc/clementine.profile b/etc/clementine.profile index ee39bee37..e84d8f19a 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index c623845e0..0d6e70a4a 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/deluge.profile b/etc/deluge.profile index ca63bc16d..6ca5d33a4 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc new file mode 100644 index 000000000..c95d051ce --- /dev/null +++ b/etc/disable-devel.inc | |||
@@ -0,0 +1,29 @@ | |||
1 | # development tools | ||
2 | |||
3 | # GCC | ||
4 | blacklist /usr/include | ||
5 | blacklist /usr/bin/gcc* | ||
6 | blacklist /usr/bin/cpp* | ||
7 | blacklist /usr/bin/c9* | ||
8 | blacklist /usr/bin/c8* | ||
9 | blacklist /usr/bin/c++* | ||
10 | blacklist /usr/bin/ld | ||
11 | |||
12 | # Valgrind | ||
13 | blacklist /usr/bin/valgrind* | ||
14 | blacklist /usr/lib/valgrind | ||
15 | |||
16 | # Perl | ||
17 | blacklist /usr/bin/perl | ||
18 | blacklist /usr/bin/cpan* | ||
19 | blacklist /usr/share/perl* | ||
20 | blacklist /usr/lib/perl* | ||
21 | |||
22 | # PHP | ||
23 | blacklist /usr/bin/php* | ||
24 | blacklist /usr/share/php* | ||
25 | blacklist /usr/lib/php* | ||
26 | |||
27 | # Ruby | ||
28 | blacklist /usr/bin/ruby | ||
29 | blacklist /usr/lib/ruby | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index c15eb1c0f..984bbc58e 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |
diff --git a/etc/evince.profile b/etc/evince.profile index c0a2481c9..34d8162b3 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 92bbe4065..f94fc28df 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.FBReader | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | blacklist ${HOME}/.pki/nssdb | 7 | blacklist ${HOME}/.pki/nssdb |
7 | blacklist ${HOME}/.lastpass | 8 | blacklist ${HOME}/.lastpass |
8 | blacklist ${HOME}/.keepassx | 9 | blacklist ${HOME}/.keepassx |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 9311b67ef..ba8649067 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -4,6 +4,7 @@ noblacklist ${HOME}/.config/filezilla | |||
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
7 | include /etc/firejail/disable-devel.inc | ||
7 | blacklist ${HOME}/.wine | 8 | blacklist ${HOME}/.wine |
8 | caps.drop all | 9 | caps.drop all |
9 | seccomp | 10 | seccomp |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 65b293669..50d5c940b 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.mozilla | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |
8 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index a1e633f07..0a495b0b0 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/midori.profile b/etc/midori.profile index 6f31d60ae..77a6fb984 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/midori | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |
8 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
diff --git a/etc/opera.profile b/etc/opera.profile index 9a91ca94b..34a034a17 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/opera | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | netfilter | 7 | netfilter |
7 | noroot | 8 | noroot |
8 | 9 | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index cdd27b796..3dd57b623 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.purple | |||
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-devel.inc | ||
6 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
7 | caps.drop all | 8 | caps.drop all |
8 | seccomp | 9 | seccomp |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 26ade68bf..dd50c779e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 42a172756..cb97d0752 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 53c23d8c6..9fc1fcb80 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/skype.profile b/etc/skype.profile index 902888355..fb69af19e 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
7 | include /etc/firejail/disable-devel.inc | ||
7 | caps.drop all | 8 | caps.drop all |
8 | netfilter | 9 | netfilter |
9 | noroot | 10 | noroot |
diff --git a/etc/spotify.profile b/etc/spotify.profile index af38a2eb3..36d8f2b7a 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | 6 | ||
6 | # Whitelist the folders needed by Spotify - This is more restrictive | 7 | # Whitelist the folders needed by Spotify - This is more restrictive |
7 | # than a blacklist though, but this is all spotify requires for | 8 | # than a blacklist though, but this is all spotify requires for |
diff --git a/etc/steam.profile b/etc/steam.profile index 8103a2a20..5b9244567 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
7 | include /etc/firejail/disable-devel.inc | ||
7 | caps.drop all | 8 | caps.drop all |
8 | netfilter | 9 | netfilter |
9 | noroot | 10 | noroot |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index ff7a714c3..ce9d85502 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -1,6 +1,7 @@ | |||
1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) | 1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-devel.inc | ||
4 | 5 | ||
5 | # Users have thunderbird set to open a browser by clicking a link in an email | 6 | # Users have thunderbird set to open a browser by clicking a link in an email |
6 | # We are not allowed to blacklist browser-specific directories | 7 | # We are not allowed to blacklist browser-specific directories |
diff --git a/etc/totem.profile b/etc/totem.profile index 0d8df7a91..52b9450c3 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 92906c6a1..b0dfdbfad 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 163ccb34d..7aca04fe7 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/vlc.profile b/etc/vlc.profile index f2b2d72d7..37ff29308 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/wine.profile b/etc/wine.profile index 3728638a8..e3dd081eb 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
7 | include /etc/firejail/disable-devel.inc | ||
7 | caps.drop all | 8 | caps.drop all |
8 | netfilter | 9 | netfilter |
9 | noroot | 10 | noroot |
diff --git a/etc/xchat.profile b/etc/xchat.profile index f7f775bf0..a9f56cda4 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-devel.inc | ||
5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |