diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-11-25 14:24:22 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-11-25 14:24:22 +0100 |
commit | 90b7dd85bef308f4608be56c8326d61172dbefb2 (patch) | |
tree | d2df952cf83fc4e1e85c45b1958ae0a44647c3ed /etc | |
parent | apparmor: misc fix for pcscd (diff) | |
download | firejail-90b7dd85bef308f4608be56c8326d61172dbefb2.tar.gz firejail-90b7dd85bef308f4608be56c8326d61172dbefb2.tar.zst firejail-90b7dd85bef308f4608be56c8326d61172dbefb2.zip |
various fixups
Diffstat (limited to 'etc')
-rw-r--r-- | etc/audio-recorder.profile | 3 | ||||
-rw-r--r-- | etc/ddgtk.profile | 3 | ||||
-rw-r--r-- | etc/drawio.profile | 4 | ||||
-rw-r--r-- | etc/gmpc.profile | 5 | ||||
-rw-r--r-- | etc/profanity.profile | 2 | ||||
-rw-r--r-- | etc/unf.profile | 3 |
6 files changed, 8 insertions, 12 deletions
diff --git a/etc/audio-recorder.profile b/etc/audio-recorder.profile index 6d9ccb33f..afd1033de 100644 --- a/etc/audio-recorder.profile +++ b/etc/audio-recorder.profile | |||
@@ -8,7 +8,6 @@ include audio-recorder.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | whitelist ${DOWNLOADS} | ||
12 | 11 | ||
13 | include disable-common.inc | 12 | include disable-common.inc |
14 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,6 +17,8 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
20 | whitelist ${MUSIC} | ||
21 | whitelist ${DOWNLOADS} | ||
21 | whitelist /usr/share/audio-recorder | 22 | whitelist /usr/share/audio-recorder |
22 | include whitelist-common.inc | 23 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/ddgtk.profile b/etc/ddgtk.profile index 8727a3cb3..ef65046e1 100644 --- a/etc/ddgtk.profile +++ b/etc/ddgtk.profile | |||
@@ -10,8 +10,6 @@ include globals.local | |||
10 | include allow-python2.inc | 10 | include allow-python2.inc |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | ||
14 | |||
15 | include disable-common.inc | 13 | include disable-common.inc |
16 | include disable-devel.inc | 14 | include disable-devel.inc |
17 | include disable-exec.inc | 15 | include disable-exec.inc |
@@ -20,6 +18,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 18 | include disable-programs.inc |
21 | include disable-xdg.inc | 19 | include disable-xdg.inc |
22 | 20 | ||
21 | whitelist ${DOWNLOADS} | ||
23 | whitelist /usr/share/ddgtk | 22 | whitelist /usr/share/ddgtk |
24 | include whitelist-common.inc | 23 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/drawio.profile b/etc/drawio.profile index b50fc6b66..d4fd735a1 100644 --- a/etc/drawio.profile +++ b/etc/drawio.profile | |||
@@ -8,8 +8,6 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/draw.io | 9 | noblacklist ${HOME}/.config/draw.io |
10 | 10 | ||
11 | whitelist ${DOWNLOADS} | ||
12 | |||
13 | include disable-common.inc | 11 | include disable-common.inc |
14 | include disable-devel.inc | 12 | include disable-devel.inc |
15 | include disable-exec.inc | 13 | include disable-exec.inc |
@@ -20,7 +18,7 @@ include disable-xdg.inc | |||
20 | 18 | ||
21 | mkdir ${HOME}/.config/draw.io | 19 | mkdir ${HOME}/.config/draw.io |
22 | whitelist ${HOME}/.config/draw.io | 20 | whitelist ${HOME}/.config/draw.io |
23 | 21 | whitelist ${DOWNLOADS} | |
24 | include whitelist-common.inc | 22 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/gmpc.profile b/etc/gmpc.profile index b13050dbd..b1546db30 100644 --- a/etc/gmpc.profile +++ b/etc/gmpc.profile | |||
@@ -7,7 +7,6 @@ include gmpc.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gmpc | 9 | noblacklist ${HOME}/.config/gmpc |
10 | |||
11 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
12 | 11 | ||
13 | include disable-common.inc | 12 | include disable-common.inc |
@@ -20,7 +19,7 @@ include disable-xdg.inc | |||
20 | 19 | ||
21 | mkdir ${HOME}/.config/gmpc | 20 | mkdir ${HOME}/.config/gmpc |
22 | whitelist ${HOME}/.config/gmpc | 21 | whitelist ${HOME}/.config/gmpc |
23 | 22 | whitelist ${MUSIC} | |
24 | whitelist /usr/share/gmpc | 23 | whitelist /usr/share/gmpc |
25 | include whitelist-common.inc | 24 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
@@ -49,6 +48,6 @@ disable-mnt | |||
49 | private-cache | 48 | private-cache |
50 | private-etc alternatives,fonts | 49 | private-etc alternatives,fonts |
51 | private-tmp | 50 | private-tmp |
51 | writable-run-user | ||
52 | 52 | ||
53 | # memory-deny-write-execute - breaks on Arch | 53 | # memory-deny-write-execute - breaks on Arch |
54 | writable-run-user | ||
diff --git a/etc/profanity.profile b/etc/profanity.profile index 84f70ad4d..6ca9314e9 100644 --- a/etc/profanity.profile +++ b/etc/profanity.profile | |||
@@ -44,7 +44,7 @@ shell none | |||
44 | private-bin profanity | 44 | private-bin profanity |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,localtime,mime.types,resolv.conf,ssl | 47 | private-etc alternatives,ca-certificates,crypto-policies,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
diff --git a/etc/unf.profile b/etc/unf.profile index ea08ff699..1f0b2aa32 100644 --- a/etc/unf.profile +++ b/etc/unf.profile | |||
@@ -7,8 +7,6 @@ include unf.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | whitelist ${DOWNLOADS} | ||
11 | |||
12 | include disable-common.inc | 10 | include disable-common.inc |
13 | include disable-devel.inc | 11 | include disable-devel.inc |
14 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -17,6 +15,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 15 | include disable-programs.inc |
18 | include disable-xdg.inc | 16 | include disable-xdg.inc |
19 | 17 | ||
18 | whitelist ${DOWNLOADS} | ||
20 | include whitelist-common.inc | 19 | include whitelist-common.inc |
21 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |