Add a profile for Yandex browser

Thanks to @larkvirtual for the paths and testing
author: Tad <tad@spotco.us> 2017-09-02 10:32:45 -0400
committer: Tad <tad@spotco.us> 2017-09-02 10:42:06 -0400
commit: 7fd9fa0cf4e1d2fc997bef23caea883850da6693 (patch)
tree: 2839a7865d0c4696e0e2ad4f39f40ef92953be5f /etc
parent: Improve seccomp support for non-x86 architectures (diff)
download: firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.gz
firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.zst
firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.zip
2 files changed, 46 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 736ac1e89..b833a3f68 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -178,6 +178,8 @@ blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
+blacklist ${HOME}/.config/yandex-browser
+blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
@@ -427,3 +429,5 @@ blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2
 blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser-beta
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
new file mode 100644
index 000000000..bfb7b9d87
--- /dev/null
+++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
+# Firejail profile for yandex-browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/yandex-browser.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.cache/yandex-browser
+noblacklist ~/.cache/yandex-browser-beta
+noblacklist ~/.config/yandex-browser
+noblacklist ~/.config/yandex-browser-beta
+noblacklist ~/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/yandex-browser
+mkdir ~/.cache/yandex-browser-beta
+mkdir ~/.config/yandex-browser
+mkdir ~/.config/yandex-browser-beta
+mkdir ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/yandex-browser
+whitelist ~/.cache/yandex-browser-beta
+whitelist ~/.config/yandex-browser
+whitelist ~/.config/yandex-browser-beta
+whitelist ~/.pki
+include /etc/firejail/whitelist-common.inc
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+private-dev
+# private-tmp - problems with multiple browser sessions
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-02 10:32:45 -0400
committer	Tad <tad@spotco.us>	2017-09-02 10:42:06 -0400
commit	7fd9fa0cf4e1d2fc997bef23caea883850da6693 (patch)
tree	2839a7865d0c4696e0e2ad4f39f40ef92953be5f /etc
parent	Improve seccomp support for non-x86 architectures (diff)
download	firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.gz firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.zst firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 736ac1e89..b833a3f68 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -178,6 +178,8 @@ blacklist ${HOME}/.config/xmms2
178	blacklist ${HOME}/.config/xplayer	178	blacklist ${HOME}/.config/xplayer
179	blacklist ${HOME}/.config/xreader	179	blacklist ${HOME}/.config/xreader
180	blacklist ${HOME}/.config/xviewer	180	blacklist ${HOME}/.config/xviewer
		181	blacklist ${HOME}/.config/yandex-browser
		182	blacklist ${HOME}/.config/yandex-browser-beta
181	blacklist ${HOME}/.config/zathura	183	blacklist ${HOME}/.config/zathura
182	blacklist ${HOME}/.config/zoomus.conf	184	blacklist ${HOME}/.config/zoomus.conf
183	blacklist ${HOME}/.conkeror.mozdev.org	185	blacklist ${HOME}/.conkeror.mozdev.org
@@ -427,3 +429,5 @@ blacklist ${HOME}/.cache/vivaldi
427	blacklist ${HOME}/.cache/wesnoth	429	blacklist ${HOME}/.cache/wesnoth
428	blacklist ${HOME}/.cache/xmms2	430	blacklist ${HOME}/.cache/xmms2
429	blacklist ${HOME}/.cache/xreader	431	blacklist ${HOME}/.cache/xreader
		432	blacklist ${HOME}/.cache/yandex-browser
		433	blacklist ${HOME}/.cache/yandex-browser-beta


diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile new file mode 100644 index 000000000..bfb7b9d87 --- /dev/null +++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
		1	# Firejail profile for yandex-browser
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/yandex-browser.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ~/.cache/yandex-browser
		9	noblacklist ~/.cache/yandex-browser-beta
		10	noblacklist ~/.config/yandex-browser
		11	noblacklist ~/.config/yandex-browser-beta
		12	noblacklist ~/.pki
		13
		14	include /etc/firejail/disable-common.inc
		15	include /etc/firejail/disable-devel.inc
		16	include /etc/firejail/disable-programs.inc
		17
		18	mkdir ~/.cache/yandex-browser
		19	mkdir ~/.cache/yandex-browser-beta
		20	mkdir ~/.config/yandex-browser
		21	mkdir ~/.config/yandex-browser-beta
		22	mkdir ~/.pki
		23	whitelist ${DOWNLOADS}
		24	whitelist ~/.cache/yandex-browser
		25	whitelist ~/.cache/yandex-browser-beta
		26	whitelist ~/.config/yandex-browser
		27	whitelist ~/.config/yandex-browser-beta
		28	whitelist ~/.pki
		29	include /etc/firejail/whitelist-common.inc
		30
		31	caps.keep sys_chroot,sys_admin
		32	netfilter
		33	nodvd
		34	nogroups
		35	notv
		36	shell none
		37
		38	private-dev
		39	# private-tmp - problems with multiple browser sessions
		40
		41	noexec ${HOME}
		42	noexec /tmp