author | SYN-cook <syncookongit@gmail.com> | 2017-03-31 16:24:38 +0200 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-03-31 14:24:38 +0000 |
commit | ba85fa81088a0b468f3fb98d96b535f8d07989c8 (patch) | |
tree | bef5910fdcbc1b393079b61cc11782f50f3a3017 /etc | |
parent | restrict more KDE files (#1181) (diff) | |
tidy up (#1182)
* minor reorganization
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
Diffstat (limited to 'etc')
-rw-r--r-- | etc/abrowser.profile | 1 | ||||
-rw-r--r-- | etc/cyberfox.profile | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 11 | ||||
-rw-r--r-- | etc/firefox.profile | 1 | ||||
-rw-r--r-- | etc/icecat.profile | 1 | ||||
-rw-r--r-- | etc/midori.profile | 1 | ||||
-rw-r--r-- | etc/seamonkey.profile | 1 |
7 files changed, 7 insertions, 10 deletions
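--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -6,7 +6,6 @@ include /etc/firejail/abrowser.local
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc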
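--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -6,7 +6,6 @@ include /etc/firejail/cyberfox.local
 noblacklist ~/.8pecxstudios
 noblacklist ~/.cache/8pecxstudios
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc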
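--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -6,11 +6,8 @@ include /etc/firejail/disable-common.local
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
 blacklist-nolog ${HOME}/.bash_history
-blacklist ${HOME}/.local/share/systemd
-blacklist ${HOME}/.config/systemd
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
-read-only ${HOME}/.local/share/applications
 
 # X11 session autostart
 blacklist ${HOME}/.xinitrc
@@ -74,6 +71,10 @@ blacklist ${HOME}/.local/share/kservices5
 blacklist ${HOME}/.local/share/plasma
 blacklist ${HOME}/.local/share/solid
 
+# systemd
+blacklist ${HOME}/.local/share/systemd
+blacklist ${HOME}/.config/systemd
+
 # VirtualBox
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/VirtualBox VMs
@@ -177,9 +178,11 @@ read-only ${HOME}/.luarocks
 read-only ${HOME}/.npm-packages
 
 # Make the contents of ~/.local read-only,
-# except the commonly-used ~/.local/share
+# except the commonly-used ~/.local/share,
+# but including ~/.local/share/applications
 read-only ${HOME}/.local
 read-write ${HOME}/.local/share
+read-only ${HOME}/.local/share/applications
 
 # top secret
 blacklist ${HOME}/.ecryptfs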
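Review bot: The new comment in the third hunk does not say that the position of `read-only ${HOME}/.local/share/applications` now matters. The line was moved from the top of the file to directly after `read-write ${HOME}/.local/share`, presumably so that the narrower rule is applied after the broader one and is not undone by it; the page does not show how the rules are ordered at run time, so this should be confirmed. That directory holds desktop launcher entries which the user's session reads outside the sandbox, so a later reordering would quietly give sandboxed programs write access to it again. I would add a line such as `# keep after the read-write rule above: order matters` next to it, and say in the commit message that this move is a behaviour change rather than tidying.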
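--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -10,7 +10,6 @@ noblacklist ~/.local/share/qpdfview
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc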
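--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -6,7 +6,6 @@ include /etc/firejail/icecat.local
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc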
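--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -8,7 +8,6 @@ noblacklist ~/.local/share/midori
 noblacklist ~/.local/share/webkit
 noblacklist ~/.local/share/webkitgtk
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc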
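--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -6,7 +6,6 @@ include /etc/firejail/seamonkey.local
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
-noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc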