blacklisted various program files

author: valoq <valoq@mailbox.org> 2016-12-01 12:09:19 +0100
committer: valoq <valoq@mailbox.org> 2016-12-01 12:09:19 +0100
commit: abc77414d8e1f864db6af55d46629f1e9f301f61 (patch)
tree: e02817be141457a3d2ef3d0c7053a71c32159f32 /etc
parent: gajim fix (diff)
download: firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.tar.gz
firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.tar.zst
firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.zip
5 files changed, 40 insertions, 2 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index bc2f6869d..8886a0bc3 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -194,6 +194,7 @@ blacklist ${PATH}/roxterm-config
 blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
+blacklist ${PATH}/konsole
 # kernel files
 blacklist /vmlinuz*
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 6db9073ab..045b4d92b 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,7 +1,10 @@
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.keepass
 blacklist ${HOME}/.password-store
 blacklist ${HOME}/keepassx.kdbx
 blacklist ${HOME}/.config/keepassx
+blacklist ${HOME}/.config/keepass
+blacklist ${HOME}/.config/KeePass
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 76a4c4607..f87053b7c 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -44,7 +44,27 @@ blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/eog
+blacklist ${HOME}/.config/arkrc
+blacklist ${HOME}/.config/atril
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/brasero
+blacklist ${HOME}/.config/enchant
+blacklist ${HOME}/.config/gedit
+blacklist ${HOME}/.config/Cryptocat
+blacklist ${HOME}/.config/dolphinrc
+blacklist ${HOME}/.config/katerc
+blacklist ${HOME}/.config/katepartrc
+blacklist ${HOME}/.config/kateschemarc
+blacklist ${HOME}/.config/katesyntaxhighlightingrc
+blacklist ${HOME}/.config/katevirc
+blacklist ${HOME}/.config/nautilus
+blacklist ${HOME}/.config/xfburn
+blacklist ${HOME}/.config/evince
+blacklist ${HOME}/.emacs
+blacklist ${HOME}/.emacs.d
+blacklist ${HOME}/.claws-mail
+blacklist ${HOME}/.config/ranger
+blacklist ${HOME}/.qemu-launcher
 # Media players
 blacklist ${HOME}/.config/cmus
@@ -56,6 +76,7 @@ blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.audacity-data
 blacklist ${HOME}/.guayadeque
+blacklist ${HOME}/.config/dragonplayerrc
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
@@ -88,6 +109,8 @@ blacklist ${HOME}/.msmtprc
 blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.cache/evolution
+blacklist ${HOME}/.elinks
+blacklist ${HOME}/.w3m
 # Instant Messaging
 blacklist ${HOME}/.config/hexchat
@@ -110,6 +133,7 @@ blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/Wire
+blacklist ${HOME}/.config/wire
 blacklist ${HOME}/.config/Cryptocat
 # Games
@@ -119,6 +143,7 @@ blacklist ${HOME}/.config/wesnoth
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.warzone2100-3.1
 blacklist ${HOME}/.dosbox
+blacklist ${HOME}/.local/share/gnome-chess
 # Cryptocoins
 blacklist ${HOME}/.*coin
@@ -151,6 +176,9 @@ blacklist ${HOME}/.cache/0ad
 blacklist ${HOME}/.cache/8pecxstudios
 blacklist ${HOME}/.cache/xreader
 blacklist ${HOME}/.cache/Franz
+blacklist ${HOME}/.cache/simple-scan
+blacklist ${HOME}/.cache/libgweather
+blacklist ${HOME}/.cache/org.gnome.Books
 # share
 blacklist ${HOME}/.local/share/epiphany
@@ -166,6 +194,10 @@ blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/qpdfview
 blacklist ${HOME}/.local/share/zathura
+blacklist ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-photos
+blacklist ${HOME}/.local/share/kate
+blacklist ${HOME}/.local/share/dolphin
 # ssh
 blacklist /tmp/ssh-*
diff --git a/etc/evince.profile b/etc/evince.profile
index 12ea358be..1ec384947 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -1,4 +1,6 @@
 # evince pdf reader profile
+noblacklist ~/.config/evince
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 297f7e6a9..4db485ea7 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-chess
-noblacklist /.local/share/gnome-chess
+noblacklist ~/.local/share/gnome-chess
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
author	valoq <valoq@mailbox.org>	2016-12-01 12:09:19 +0100
committer	valoq <valoq@mailbox.org>	2016-12-01 12:09:19 +0100
commit	abc77414d8e1f864db6af55d46629f1e9f301f61 (patch)
tree	e02817be141457a3d2ef3d0c7053a71c32159f32 /etc
parent	gajim fix (diff)
download	firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.tar.gz firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.tar.zst firejail-abc77414d8e1f864db6af55d46629f1e9f301f61.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index bc2f6869d..8886a0bc3 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -194,6 +194,7 @@ blacklist ${PATH}/roxterm-config
194	blacklist ${PATH}/terminix	194	blacklist ${PATH}/terminix
195	blacklist ${PATH}/urxvtc	195	blacklist ${PATH}/urxvtc
196	blacklist ${PATH}/urxvtcd	196	blacklist ${PATH}/urxvtcd
		197	blacklist ${PATH}/konsole
197		198
198	# kernel files	199	# kernel files
199	blacklist /vmlinuz*	200	blacklist /vmlinuz*


diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 6db9073ab..045b4d92b 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc
@@ -1,7 +1,10 @@
1	blacklist ${HOME}/.pki/nssdb	1	blacklist ${HOME}/.pki/nssdb
2	blacklist ${HOME}/.lastpass	2	blacklist ${HOME}/.lastpass
3	blacklist ${HOME}/.keepassx	3	blacklist ${HOME}/.keepassx
		4	blacklist ${HOME}/.keepass
4	blacklist ${HOME}/.password-store	5	blacklist ${HOME}/.password-store
5	blacklist ${HOME}/keepassx.kdbx	6	blacklist ${HOME}/keepassx.kdbx
6	blacklist ${HOME}/.config/keepassx	7	blacklist ${HOME}/.config/keepassx
		8	blacklist ${HOME}/.config/keepass
		9	blacklist ${HOME}/.config/KeePass
7		10


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 76a4c4607..f87053b7c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -44,7 +44,27 @@ blacklist ${HOME}/.openshot_qt
44	blacklist ${HOME}/.flowblade	44	blacklist ${HOME}/.flowblade
45	blacklist ${HOME}/.config/flowblade	45	blacklist ${HOME}/.config/flowblade
46	blacklist ${HOME}/.config/eog	46	blacklist ${HOME}/.config/eog
47		47	blacklist ${HOME}/.config/arkrc
		48	blacklist ${HOME}/.config/atril
		49	blacklist ${HOME}/.config/aweather
		50	blacklist ${HOME}/.config/brasero
		51	blacklist ${HOME}/.config/enchant
		52	blacklist ${HOME}/.config/gedit
		53	blacklist ${HOME}/.config/Cryptocat
		54	blacklist ${HOME}/.config/dolphinrc
		55	blacklist ${HOME}/.config/katerc
		56	blacklist ${HOME}/.config/katepartrc
		57	blacklist ${HOME}/.config/kateschemarc
		58	blacklist ${HOME}/.config/katesyntaxhighlightingrc
		59	blacklist ${HOME}/.config/katevirc
		60	blacklist ${HOME}/.config/nautilus
		61	blacklist ${HOME}/.config/xfburn
		62	blacklist ${HOME}/.config/evince
		63	blacklist ${HOME}/.emacs
		64	blacklist ${HOME}/.emacs.d
		65	blacklist ${HOME}/.claws-mail
		66	blacklist ${HOME}/.config/ranger
		67	blacklist ${HOME}/.qemu-launcher
48		68
49	# Media players	69	# Media players
50	blacklist ${HOME}/.config/cmus	70	blacklist ${HOME}/.config/cmus
@@ -56,6 +76,7 @@ blacklist ${HOME}/.config/totem
56	blacklist ${HOME}/.config/xplayer	76	blacklist ${HOME}/.config/xplayer
57	blacklist ${HOME}/.audacity-data	77	blacklist ${HOME}/.audacity-data
58	blacklist ${HOME}/.guayadeque	78	blacklist ${HOME}/.guayadeque
		79	blacklist ${HOME}/.config/dragonplayerrc
59		80
60	# HTTP / FTP / Mail	81	# HTTP / FTP / Mail
61	blacklist ${HOME}/.icedove	82	blacklist ${HOME}/.icedove
@@ -88,6 +109,8 @@ blacklist ${HOME}/.msmtprc
88	blacklist ${HOME}/.config/evolution	109	blacklist ${HOME}/.config/evolution
89	blacklist ${HOME}/.local/share/evolution	110	blacklist ${HOME}/.local/share/evolution
90	blacklist ${HOME}/.cache/evolution	111	blacklist ${HOME}/.cache/evolution
		112	blacklist ${HOME}/.elinks
		113	blacklist ${HOME}/.w3m
91		114
92	# Instant Messaging	115	# Instant Messaging
93	blacklist ${HOME}/.config/hexchat	116	blacklist ${HOME}/.config/hexchat
@@ -110,6 +133,7 @@ blacklist ${HOME}/.cache/gajim
110	blacklist ${HOME}/.local/share/gajim	133	blacklist ${HOME}/.local/share/gajim
111	blacklist ${HOME}/.config/gajim	134	blacklist ${HOME}/.config/gajim
112	blacklist ${HOME}/.config/Wire	135	blacklist ${HOME}/.config/Wire
		136	blacklist ${HOME}/.config/wire
113	blacklist ${HOME}/.config/Cryptocat	137	blacklist ${HOME}/.config/Cryptocat
114		138
115	# Games	139	# Games
@@ -119,6 +143,7 @@ blacklist ${HOME}/.config/wesnoth
119	blacklist ${HOME}/.config/0ad	143	blacklist ${HOME}/.config/0ad
120	blacklist ${HOME}/.warzone2100-3.1	144	blacklist ${HOME}/.warzone2100-3.1
121	blacklist ${HOME}/.dosbox	145	blacklist ${HOME}/.dosbox
		146	blacklist ${HOME}/.local/share/gnome-chess
122		147
123	# Cryptocoins	148	# Cryptocoins
124	blacklist ${HOME}/.*coin	149	blacklist ${HOME}/.*coin
@@ -151,6 +176,9 @@ blacklist ${HOME}/.cache/0ad
151	blacklist ${HOME}/.cache/8pecxstudios	176	blacklist ${HOME}/.cache/8pecxstudios
152	blacklist ${HOME}/.cache/xreader	177	blacklist ${HOME}/.cache/xreader
153	blacklist ${HOME}/.cache/Franz	178	blacklist ${HOME}/.cache/Franz
		179	blacklist ${HOME}/.cache/simple-scan
		180	blacklist ${HOME}/.cache/libgweather
		181	blacklist ${HOME}/.cache/org.gnome.Books
154		182
155	# share	183	# share
156	blacklist ${HOME}/.local/share/epiphany	184	blacklist ${HOME}/.local/share/epiphany
@@ -166,6 +194,10 @@ blacklist ${HOME}/.local/share/pix
166	blacklist ${HOME}/.local/share/gnome-chess	194	blacklist ${HOME}/.local/share/gnome-chess
167	blacklist ${HOME}/.local/share/qpdfview	195	blacklist ${HOME}/.local/share/qpdfview
168	blacklist ${HOME}/.local/share/zathura	196	blacklist ${HOME}/.local/share/zathura
		197	blacklist ${HOME}/.local/share/gnome-music
		198	blacklist ${HOME}/.local/share/gnome-photos
		199	blacklist ${HOME}/.local/share/kate
		200	blacklist ${HOME}/.local/share/dolphin
169		201
170	# ssh	202	# ssh
171	blacklist /tmp/ssh-*	203	blacklist /tmp/ssh-*


diff --git a/etc/evince.profile b/etc/evince.profile index 12ea358be..1ec384947 100644 --- a/etc/evince.profile +++ b/etc/evince.profile
@@ -1,4 +1,6 @@
1	# evince pdf reader profile	1	# evince pdf reader profile
		2	noblacklist ~/.config/evince
		3
2	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
3	include /etc/firejail/disable-programs.inc	5	include /etc/firejail/disable-programs.inc
4	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/disable-devel.inc


diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 297f7e6a9..4db485ea7 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile
@@ -1,5 +1,5 @@
1	# Firejail profile for gnome-chess	1	# Firejail profile for gnome-chess
2	noblacklist /.local/share/gnome-chess	2	noblacklist ~/.local/share/gnome-chess
3		3
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-devel.inc	5	include /etc/firejail/disable-devel.inc