author | netblue30 <netblue30@yahoo.com> | 2018-03-17 16:39:16 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-03-17 16:39:16 -0400 |
commit | f1cc1918f23aeccec50513ceab53c800e2f8721d (patch) | |
tree | 8700ad820e2186c1963cee6063b70f4396c22cfd /etc | |
parent | asunder profile (diff) | |
parent | Move apparmor option to the top of the options list in all profiles (diff) | |
download | firejail-f1cc1918f23aeccec50513ceab53c800e2f8721d.tar.gz firejail-f1cc1918f23aeccec50513ceab53c800e2f8721d.tar.zst firejail-f1cc1918f23aeccec50513ceab53c800e2f8721d.zip |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ark.profile | 2 | ||||
-rw-r--r-- | etc/atril.profile | 2 | ||||
-rw-r--r-- | etc/audacious.profile | 2 | ||||
-rw-r--r-- | etc/audacity.profile | 2 | ||||
-rw-r--r-- | etc/chromium-common.profile | 2 | ||||
-rw-r--r-- | etc/digikam.profile | 2 | ||||
-rw-r--r-- | etc/electron.profile | 2 | ||||
-rw-r--r-- | etc/eog.profile | 2 | ||||
-rw-r--r-- | etc/eom.profile | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 2 | ||||
-rw-r--r-- | etc/galculator.profile | 2 | ||||
-rw-r--r-- | etc/gimp.profile | 2 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 2 | ||||
-rw-r--r-- | etc/handbrake.profile | 2 | ||||
-rw-r--r-- | etc/inkscape.profile | 2 | ||||
-rw-r--r-- | etc/kate.profile | 2 | ||||
-rw-r--r-- | etc/kdenlive.profile | 2 | ||||
-rw-r--r-- | etc/kodi.profile | 2 | ||||
-rw-r--r-- | etc/krita.profile | 2 | ||||
-rw-r--r-- | etc/kwrite.profile | 2 | ||||
-rw-r--r-- | etc/libreoffice.profile | 2 | ||||
-rw-r--r-- | etc/mpv.profile | 2 | ||||
-rw-r--r-- | etc/okular.profile | 2 | ||||
-rw-r--r-- | etc/openshot.profile | 2 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 2 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 2 | ||||
-rw-r--r-- | etc/smplayer.profile | 2 | ||||
-rw-r--r-- | etc/totem.profile | 2 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 2 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 3 | ||||
-rw-r--r-- | etc/vlc.profile | 2 |
31 files changed, 31 insertions, 32 deletions
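--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none
 netfilter
@@ -29,7 +30,6 @@ novideo
 protocol unix
 seccomp
 shell none
-apparmor
 
 private-dev
 private-tmp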
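--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 no3d
@@ -31,7 +32,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev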
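--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -26,7 +27,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 # private-bin audacious
 private-dev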
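--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 #net none
 no3d
@@ -29,7 +30,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin audacity
 private-dev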
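--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -17,13 +17,13 @@ whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.keep sys_chroot,sys_admin
 netfilter
 nodvd
 nogroups
 notv
 shell none
-apparmor
 
 disable-mnt
 private-dev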
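Review bot: `caps.keep sys_chroot,sys_admin`, now directly under the moved `apparmor` line, carries no comment explaining why this profile retains capabilities, and the option block visible in this hunk has neither `seccomp` nor `noroot`, unlike the `caps.drop all` profiles touched elsewhere in this commit. Presumably both capabilities are kept for Chromium's own sandbox; a line such as `# sys_admin and sys_chroot are kept for the Chromium sandbox - do not replace with caps.drop all` would record that for the next maintainer. Because `apparmor` is then one of the few outer confinement layers in this block, it is also worth a comment that the option only takes effect where firejail and the host have AppArmor support enabled. The profile continues outside the hunk, so options above line 17 or below line 29 are not visible here.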
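--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -28,7 +29,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
 shell none
-apparmor
 
 # private-bin program
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device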
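--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -20,4 +21,3 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
-apparmor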
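--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none - makes settings immutable
 no3d
@@ -32,7 +33,6 @@ novideo
 protocol unix
 seccomp
 shell none
-apparmor
 
 private-bin eog
 private-dev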
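--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none - makes settings immutable
 no3d
@@ -33,7 +34,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin eom
 private-dev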
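--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -20,6 +20,7 @@ whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # machine-id breaks pulse audio; it should work fine in setups where sound is not required
 #machine-id
@@ -33,7 +34,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
-apparmor
 
 disable-mnt
 private-dev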
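--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -19,6 +19,7 @@ whitelist ${HOME}/.config/galculator
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodvd
@@ -32,7 +33,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin galculator
 private-dev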
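--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodvd
@@ -26,7 +27,6 @@ notv
 protocol unix
 seccomp
 shell none
-apparmor
 
 private-dev
 private-tmp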
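--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 no3d
@@ -27,7 +28,6 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-apparmor
 
 disable-mnt
 private-bin gnome-calculator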
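--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -23,7 +24,6 @@ novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-apparmor
 
 private-dev
 private-tmp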
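--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -28,7 +29,6 @@ novideo
 protocol unix
 seccomp
 shell none
-apparmor
 
 # private-bin inkscape,potrace - problems on Debian stretch
 private-dev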
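--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none
 netfilter
@@ -35,7 +36,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 # private-bin kate
 private-dev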
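--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+apparmor
 caps.drop all
 # net none
 nodvd
@@ -25,7 +26,6 @@ notv
 protocol unix,netlink
 seccomp
 shell none
-apparmor
 
 private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
 private-dev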
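--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -21,7 +22,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
-apparmor
 
 private-dev
 private-tmp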
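--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 # net none
@@ -27,7 +28,6 @@ novideo
 protocol unix
 seccomp
 shell none
-apparmor
 
 private-dev
 private-tmp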
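--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -22,6 +22,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none
 netfilter
@@ -36,7 +37,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin kwrite,kbuildsycoca4,kdeinit4
 private-dev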
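--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter
@@ -28,7 +29,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 private-dev
 private-tmp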
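--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -24,7 +25,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin mpv,youtube-dl,python*,env
 private-dev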
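--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -25,6 +25,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 # net none
@@ -40,7 +41,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin okular,kbuildsycoca4,kdeinit4,lpr
 private-dev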
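--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -25,7 +26,6 @@ notv
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-apparmor
 
 private-dev
 private-tmp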
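--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -26,6 +26,7 @@ whitelist ${HOME}/.local/share/data/qBittorrent
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter
@@ -39,7 +40,6 @@ novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-apparmor
 
 private-bin qbittorrent,python*
 private-dev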
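--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 # no3d
@@ -25,7 +26,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin rhythmbox
 private-dev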
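--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 # nogroups
@@ -23,7 +24,6 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-apparmor
 
 private-bin smplayer,smtube,mplayer,mpv
 private-dev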
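--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -23,7 +24,6 @@ noroot
 protocol unix,inet,inet6
 seccomp
 shell none
-apparmor
 
 private-bin totem
 private-dev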
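--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.config/transmission
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter
@@ -34,7 +35,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin transmission-gtk
 private-dev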
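--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.config/transmission
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter
@@ -34,7 +35,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-apparmor
 
 private-bin transmission-qt
 private-dev
@@ -42,4 +42,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
-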
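--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 # nogroups
@@ -23,7 +24,6 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-apparmor
 
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev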