aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2018-03-28 01:20:21 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2018-03-28 03:23:59 +0200
commit7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch)
treeb6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc
parentEnable nodbus for keepassx and keepassxc profiles. (diff)
downloadfirejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip
recalibrate dbus access, deploy nodbus option
see #1822 and #1825. also systematically replaces 'blacklist /run/user/*/bus' with 'nodbus'. with contributions from @Fred-Barclay
Diffstat (limited to 'etc')
-rw-r--r--etc/7z.profile2
-rw-r--r--etc/apktool.profile3
-rw-r--r--etc/ardour5.profile3
-rw-r--r--etc/ark.profile3
-rw-r--r--etc/asunder.profile1
-rw-r--r--etc/atom.profile2
-rw-r--r--etc/atril.profile2
-rw-r--r--etc/audacious.profile1
-rw-r--r--etc/audacity.profile5
-rw-r--r--etc/baobab.profile3
-rw-r--r--etc/bleachbit.profile3
-rw-r--r--etc/bless.profile3
-rw-r--r--etc/bluefish.profile3
-rw-r--r--etc/calligra.profile3
-rw-r--r--etc/catfish.profile2
-rw-r--r--etc/chromium-common.profile4
-rw-r--r--etc/cin.profile3
-rw-r--r--etc/clamav.profile3
-rw-r--r--etc/cpio.profile2
-rw-r--r--etc/default.profile1
-rw-r--r--etc/dex2jar.profile3
-rw-r--r--etc/dia.profile3
-rw-r--r--etc/digikam.profile1
-rw-r--r--etc/display.profile3
-rw-r--r--etc/ebook-viewer.profile3
-rw-r--r--etc/engrampa.profile8
-rw-r--r--etc/eog.profile7
-rw-r--r--etc/eom.profile7
-rw-r--r--etc/etr.profile3
-rw-r--r--etc/evince.profile3
-rw-r--r--etc/exiftool.profile2
-rw-r--r--etc/feh.profile3
-rw-r--r--etc/ffmpeg.profile3
-rw-r--r--etc/file-roller.profile8
-rw-r--r--etc/file.profile2
-rw-r--r--etc/freecad.profile3
-rw-r--r--etc/frozen-bubble.profile3
-rw-r--r--etc/galculator.profile3
-rw-r--r--etc/gedit.profile8
-rw-r--r--etc/gimp.profile3
-rw-r--r--etc/gnome-calculator.profile5
-rw-r--r--etc/gpicview.profile3
-rw-r--r--etc/gwenview.profile4
-rw-r--r--etc/gzip.profile2
-rw-r--r--etc/handbrake.profile1
-rw-r--r--etc/hashcat.profile3
-rw-r--r--etc/highlight.profile2
-rw-r--r--etc/hugin.profile3
-rw-r--r--etc/imagej.profile3
-rw-r--r--etc/img2txt.profile3
-rw-r--r--etc/inkscape.profile3
-rw-r--r--etc/jd-gui.profile3
-rw-r--r--etc/kate.profile5
-rw-r--r--etc/kcalc.profile3
-rw-r--r--etc/kdenlive.profile2
-rw-r--r--etc/keepassx.profile2
-rw-r--r--etc/keepassxc.profile3
-rw-r--r--etc/krita.profile2
-rw-r--r--etc/kwrite.profile3
-rw-r--r--etc/less.profile2
-rw-r--r--etc/libreoffice.profile1
-rw-r--r--etc/lmms.profile3
-rw-r--r--etc/macrofusion.profile3
-rw-r--r--etc/mate-calc.profile3
-rw-r--r--etc/mediainfo.profile2
-rw-r--r--etc/meld.profile3
-rw-r--r--etc/mpv.profile1
-rw-r--r--etc/mupdf.profile3
-rw-r--r--etc/mupen64plus.profile3
-rw-r--r--etc/natron.profile3
-rw-r--r--etc/odt2txt.profile2
-rw-r--r--etc/okular.profile3
-rw-r--r--etc/open-invaders.profile3
-rw-r--r--etc/openshot.profile1
-rw-r--r--etc/pcmanfm.profile3
-rwxr-xr-xetc/pdfchain.profile4
-rw-r--r--etc/pdfmod.profile3
-rw-r--r--etc/pdfsam.profile3
-rw-r--r--etc/pdftotext.profile2
-rw-r--r--etc/peek.profile3
-rw-r--r--etc/pingus.profile3
-rw-r--r--etc/pinta.profile3
-rw-r--r--etc/pluma.profile8
-rw-r--r--etc/qbittorrent.profile1
-rw-r--r--etc/ranger.profile3
-rw-r--r--etc/rhythmbox.profile3
-rw-r--r--etc/scribus.profile6
-rw-r--r--etc/sdat2img.profile3
-rw-r--r--etc/shotcut.profile3
-rw-r--r--etc/simutrans.profile3
-rw-r--r--etc/skanlite.profile3
-rw-r--r--etc/smplayer.profile1
-rw-r--r--etc/sqlitebrowser.profile3
-rw-r--r--etc/strings.profile2
-rw-r--r--etc/supertux2.profile3
-rw-r--r--etc/synfigstudio.profile3
-rw-r--r--etc/tar.profile2
-rw-r--r--etc/terasology.profile3
-rw-r--r--etc/totem.profile3
-rw-r--r--etc/transmission-gtk.profile1
-rw-r--r--etc/transmission-qt.profile1
-rw-r--r--etc/transmission-show.profile3
-rw-r--r--etc/uefitool.profile3
-rw-r--r--etc/unrar.profile2
-rw-r--r--etc/unzip.profile2
-rw-r--r--etc/uudeview.profile3
-rw-r--r--etc/viewnior.profile2
-rw-r--r--etc/vlc.profile1
-rw-r--r--etc/x-terminal-emulator.profile3
-rw-r--r--etc/xcalc.profile3
-rw-r--r--etc/xed.profile8
-rw-r--r--etc/xpdf.profile3
-rw-r--r--etc/xplayer.profile4
-rw-r--r--etc/xreader.profile1
-rw-r--r--etc/xviewer.profile8
-rw-r--r--etc/xzdec.profile2
-rw-r--r--etc/zart.profile3
-rw-r--r--etc/zathura.profile4
118 files changed, 168 insertions, 188 deletions
diff --git a/etc/7z.profile b/etc/7z.profile
index ededacbbe..0330e4dbf 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -6,12 +6,12 @@ include /etc/firejail/7z.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/apktool.profile b/etc/apktool.profile
index bbf91c264..d5063d79b 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -6,8 +6,6 @@ include /etc/firejail/apktool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 9include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 11include /etc/firejail/disable-programs.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16net none 14net none
17no3d 15no3d
16nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 1f2228544..cf72561da 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/ardour4 8noblacklist ${HOME}/.config/ardour4
11noblacklist ${HOME}/.config/ardour5 9noblacklist ${HOME}/.config/ardour5
12noblacklist ${HOME}/.lv2 10noblacklist ${HOME}/.lv2
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc
20caps.drop all 18caps.drop all
21ipc-namespace 19ipc-namespace
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/ark.profile b/etc/ark.profile
index beeb652cf..8e156df0f 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ark.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/arkrc 8noblacklist ${HOME}/.config/arkrc
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ apparmor
20caps.drop all 18caps.drop all
21# net none 19# net none
22netfilter 20netfilter
21# nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 0fbc3a158..7d643877f 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
20apparmor 20apparmor
21caps.drop all 21caps.drop all
22netfilter 22netfilter
23nodbus
23# nogroups 24# nogroups
24nonewprivs 25nonewprivs
25noroot 26noroot
diff --git a/etc/atom.profile b/etc/atom.profile
index 2a20279e9..c513c7531 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.atom 8noblacklist ${HOME}/.atom
11noblacklist ${HOME}/.config/Atom 9noblacklist ${HOME}/.config/Atom
12 10
diff --git a/etc/atril.profile b/etc/atril.profile
index a05f11076..b7e1e40e0 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -17,7 +17,7 @@ include /etc/firejail/disable-programs.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include /etc/firejail/whitelist-var-common.inc
19 19
20apparmor 20# apparmor
21caps.drop all 21caps.drop all
22machine-id 22machine-id
23no3d 23no3d
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 93ba5a45d..71003f156 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21nodbus
21nogroups 22nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 8c85dd6be..e8ad7347a 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -5,8 +5,6 @@ include /etc/firejail/audacity.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.audacity-data 8noblacklist ${HOME}/.audacity-data
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,8 +16,9 @@ include /etc/firejail/whitelist-var-common.inc
18 16
19apparmor 17apparmor
20caps.drop all 18caps.drop all
21#net none 19net none
22no3d 20no3d
21# nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/baobab.profile b/etc/baobab.profile
index e47e31bb1..5c1675611 100644
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -5,8 +5,6 @@ include /etc/firejail/baobab.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
15caps.drop all 13caps.drop all
16net none 14net none
17no3d 15no3d
16nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index dce7892a4..9785b9eae 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bleachbit.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
15caps.drop all 13caps.drop all
16net none 14net none
17no3d 15no3d
16nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/bless.profile b/etc/bless.profile
index 37d1e856f..10b471582 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bless.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/bless 8noblacklist ${HOME}/.config/bless
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 66ba0168b..6eb1d753f 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bluefish.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/calligra.profile b/etc/calligra.profile
index f09716bc3..f7df8ce85 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -5,8 +5,6 @@ include /etc/firejail/calligra.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16ipc-namespace 14ipc-namespace
17# net none 15# net none
16# nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 8765ba950..6a608c673 100644
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -8,8 +8,6 @@ include /etc/firejail/globals.local
8# We can't blacklist much since catfish 8# We can't blacklist much since catfish
9# is for finding files/content 9# is for finding files/content
10 10
11blacklist /run/user/*/bus
12
13noblacklist ${HOME}/.config/catfish 11noblacklist ${HOME}/.config/catfish
14 12
15include /etc/firejail/disable-common.inc 13include /etc/firejail/disable-common.inc
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index a11947334..7f07c5b26 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
20apparmor 20apparmor
21caps.keep sys_chroot,sys_admin 21caps.keep sys_chroot,sys_admin
22netfilter 22netfilter
23nodbus
23nodvd 24nodvd
24nogroups 25nogroups
25notv 26notv
@@ -31,3 +32,6 @@ private-dev
31 32
32noexec ${HOME} 33noexec ${HOME}
33noexec /tmp 34noexec /tmp
35
36# the file dialog needs to work without d-bus
37env NO_CHROME_KDE_FILE_DIALOG=1
diff --git a/etc/cin.profile b/etc/cin.profile
index d114e50b1..e86a4d9b4 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -5,8 +5,6 @@ include /etc/firejail/cin.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.bcast5 8noblacklist ${HOME}/.bcast5
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/clamav.profile b/etc/clamav.profile
index c3a0132d0..41bd3b679 100644
--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -6,12 +6,11 @@ include /etc/firejail/clamav.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11caps.drop all 9caps.drop all
12ipc-namespace 10ipc-namespace
13net none 11net none
14no3d 12no3d
13nodbus
15nodvd 14nodvd
16nogroups 15nogroups
17nonewprivs 16nonewprivs
diff --git a/etc/cpio.profile b/etc/cpio.profile
index caee6570e..445e1cec7 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -6,7 +6,6 @@ include /etc/firejail/cpio.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12noblacklist /sbin 11noblacklist /sbin
@@ -19,6 +18,7 @@ include /etc/firejail/disable-programs.inc
19caps.drop all 18caps.drop all
20net none 19net none
21no3d 20no3d
21nodbus
22nodvd 22nodvd
23nonewprivs 23nonewprivs
24nosound 24nosound
diff --git a/etc/default.profile b/etc/default.profile
index 82eded802..1af7ceba4 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -17,6 +17,7 @@ caps.drop all
17# ipc-namespace 17# ipc-namespace
18netfilter 18netfilter
19# no3d 19# no3d
20# nodbus
20# nodvd 21# nodvd
21# nogroups 22# nogroups
22nonewprivs 23nonewprivs
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index f89e17239..ed73b8b8c 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -6,8 +6,6 @@ include /etc/firejail/dex2jar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 9include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 11include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 14caps.drop all
17net none 15net none
18no3d 16no3d
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/dia.profile b/etc/dia.profile
index b1a723da0..fb3506955 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -5,8 +5,6 @@ include /etc/firejail/dia.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.dia 8noblacklist ${HOME}/.dia
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 516876c6b..4df344cbc 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
20apparmor 20apparmor
21caps.drop all 21caps.drop all
22netfilter 22netfilter
23# nodbus
23nodvd 24nodvd
24nogroups 25nogroups
25nonewprivs 26nonewprivs
diff --git a/etc/display.profile b/etc/display.profile
index 41512a0cb..69183f4ca 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -5,8 +5,6 @@ include /etc/firejail/display.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/whitelist-var-common.inc
16 14
17caps.drop all 15caps.drop all
18net none 16net none
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
index 9f7e1382b..1e28b854a 100644
--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -1,9 +1,8 @@
1# Firejail profile alias for calibre 1# Firejail profile alias for calibre
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4blacklist /run/user/*/bus
5
6net none 4net none
5nodbus
7 6
8# Redirect 7# Redirect
9include /etc/firejail/calibre.profile 8include /etc/firejail/calibre.profile
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index ae61f1d93..1ecdbd1b8 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -5,8 +5,6 @@ include /etc/firejail/engrampa.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -14,9 +12,13 @@ include /etc/firejail/disable-programs.inc
14 12
15include /etc/firejail/whitelist-var-common.inc 13include /etc/firejail/whitelist-var-common.inc
16 14
15# following line makes settings immutable
16apparmor
17caps.drop all 17caps.drop all
18# net none - makes settings immutable 18net none
19no3d 19no3d
20# following line makes settings immutable
21nodbus
20nodvd 22nodvd
21nogroups 23nogroups
22nonewprivs 24nonewprivs
diff --git a/etc/eog.profile b/etc/eog.profile
index 475abc4a5..1ab78c345 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -5,8 +5,6 @@ include /etc/firejail/eog.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.config/eog 9noblacklist ${HOME}/.config/eog
12noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
@@ -19,10 +17,13 @@ include /etc/firejail/disable-programs.inc
19 17
20include /etc/firejail/whitelist-var-common.inc 18include /etc/firejail/whitelist-var-common.inc
21 19
20# following line makes settings immutable
22apparmor 21apparmor
23caps.drop all 22caps.drop all
24# net none - makes settings immutable 23net none
25no3d 24no3d
25# following line makes settings immutable
26nodbus
26nodvd 27nodvd
27nogroups 28nogroups
28nonewprivs 29nonewprivs
diff --git a/etc/eom.profile b/etc/eom.profile
index c7c92db0e..978fa78a4 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/eom.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.config/mate/eom 9noblacklist ${HOME}/.config/mate/eom
12noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
@@ -19,10 +17,13 @@ include /etc/firejail/disable-programs.inc
19 17
20include /etc/firejail/whitelist-var-common.inc 18include /etc/firejail/whitelist-var-common.inc
21 19
20# following line makes settings immutable
22apparmor 21apparmor
23caps.drop all 22caps.drop all
24# net none - makes settings immutable 23net none
25no3d 24no3d
25# following line makes settings immutable
26nodbus
26nodvd 27nodvd
27nogroups 28nogroups
28nonewprivs 29nonewprivs
diff --git a/etc/etr.profile b/etc/etr.profile
index ad2e5be5d..5c01636cc 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -5,8 +5,6 @@ include /etc/firejail/etr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.etr 8noblacklist ${HOME}/.etr
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/evince.profile b/etc/evince.profile
index 72c1ffc97..08c82086b 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -5,8 +5,6 @@ include /etc/firejail/evince.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/evince 8noblacklist ${HOME}/.config/evince
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ machine-id
21# net none breaks AppArmor on Ubuntu systems 19# net none breaks AppArmor on Ubuntu systems
22netfilter 20netfilter
23no3d 21no3d
22# nodbus
24nodvd 23nodvd
25nogroups 24nogroups
26nonewprivs 25nonewprivs
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 18d1e3c81..8ab6012f5 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -6,7 +6,6 @@ include /etc/firejail/exiftool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12noblacklist /usr/bin/perl 11noblacklist /usr/bin/perl
@@ -21,6 +20,7 @@ include /etc/firejail/disable-programs.inc
21caps.drop all 20caps.drop all
22net none 21net none
23no3d 22no3d
23nodbus
24nodvd 24nodvd
25nogroups 25nogroups
26nonewprivs 26nonewprivs
diff --git a/etc/feh.profile b/etc/feh.profile
index 1320434f1..ba7a76c49 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -5,8 +5,6 @@ include /etc/firejail/feh.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16net none 14net none
17no3d 15no3d
16nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index acea1e834..538179107 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -6,8 +6,6 @@ include /etc/firejail/ffmpeg.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 9include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 11include /etc/firejail/disable-passwdmgr.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
18caps.drop all 16caps.drop all
19net none 17net none
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nosound 21nosound
23notv 22notv
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index bc4e70da4..83e6a9957 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -5,8 +5,6 @@ include /etc/firejail/file-roller.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -14,9 +12,13 @@ include /etc/firejail/disable-programs.inc
14 12
15include /etc/firejail/whitelist-var-common.inc 13include /etc/firejail/whitelist-var-common.inc
16 14
15# following line makes settings immutable
16apparmor
17caps.drop all 17caps.drop all
18# net none - makes settings immutable 18net none
19no3d 19no3d
20# following line makes settings immutable
21nodbus
20nodvd 22nodvd
21nogroups 23nogroups
22nonewprivs 24nonewprivs
diff --git a/etc/file.profile b/etc/file.profile
index 041bf5ae5..2bdbaaaa8 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -6,7 +6,6 @@ include /etc/firejail/file.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12include /etc/firejail/disable-common.inc 11include /etc/firejail/disable-common.inc
@@ -17,6 +16,7 @@ caps.drop all
17hostname file 16hostname file
18net none 17net none
19no3d 18no3d
19nodbus
20nodvd 20nodvd
21nogroups 21nogroups
22nonewprivs 22nonewprivs
diff --git a/etc/freecad.profile b/etc/freecad.profile
index bac502a5f..c51d88f7a 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -5,8 +5,6 @@ include /etc/firejail/freecad.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/FreeCAD 8noblacklist ${HOME}/.config/FreeCAD
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index ca38ed1b8..8acd32bdd 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -5,8 +5,6 @@ include /etc/firejail/frozen-bubble.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.frozen-bubble 8noblacklist ${HOME}/.frozen-bubble
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
21 19
22caps.drop all 20caps.drop all
23net none 21net none
22nodbus
24nodvd 23nodvd
25nogroups 24nogroups
26nonewprivs 25nonewprivs
diff --git a/etc/galculator.profile b/etc/galculator.profile
index b28c7943f..8229f8250 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -5,8 +5,6 @@ include /etc/firejail/galculator.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/galculator 8noblacklist ${HOME}/.config/galculator
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -22,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
22apparmor 20apparmor
23caps.drop all 21caps.drop all
24net none 22net none
23nodbus
25nodvd 24nodvd
26nogroups 25nogroups
27nonewprivs 26nonewprivs
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 97eb692de..5b058ae28 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gedit.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.config/enchant 8noblacklist ${HOME}/.config/enchant
11noblacklist ${HOME}/.config/gedit 9noblacklist ${HOME}/.config/gedit
12noblacklist ${HOME}/.gitconfig 10noblacklist ${HOME}/.gitconfig
@@ -18,10 +16,14 @@ include /etc/firejail/disable-programs.inc
18 16
19include /etc/firejail/whitelist-var-common.inc 17include /etc/firejail/whitelist-var-common.inc
20 18
19# following line makes settings immutable
20apparmor
21caps.drop all 21caps.drop all
22# net none - makes settings immutable
23machine-id 22machine-id
23net none
24no3d 24no3d
25# following line makes settings immutable
26nodbus
25nodvd 27nodvd
26nogroups 28nogroups
27nonewprivs 29nonewprivs
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 3cc012a88..49df54d1f 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gimp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.gimp* 8noblacklist ${HOME}/.gimp*
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 16apparmor
19caps.drop all 17caps.drop all
20net none 18net none
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index d13208a1e..a4ef9cfc1 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -14,10 +14,13 @@ include /etc/firejail/disable-programs.inc
14include /etc/firejail/whitelist-common.inc 14include /etc/firejail/whitelist-common.inc
15include /etc/firejail/whitelist-var-common.inc 15include /etc/firejail/whitelist-var-common.inc
16 16
17# following line makes settings immutable
17apparmor 18apparmor
18caps.drop all 19caps.drop all
19netfilter 20net none
20no3d 21no3d
22# following line makes settings immutable
23nodbus
21nodvd 24nodvd
22nogroups 25nogroups
23nonewprivs 26nonewprivs
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 8d47d9c31..c6453e972 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gpicview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/gpicview 8noblacklist ${HOME}/.config/gpicview
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
18 16
19caps.drop all 17caps.drop all
20net none 18net none
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index d79b72152..d17be41cc 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gwenview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/gwenviewrc 8noblacklist ${HOME}/.config/gwenviewrc
11noblacklist ${HOME}/.config/org.kde.gwenviewrc 9noblacklist ${HOME}/.config/org.kde.gwenviewrc
12noblacklist ${HOME}/.gimp* 10noblacklist ${HOME}/.gimp*
@@ -24,8 +22,10 @@ include /etc/firejail/disable-programs.inc
24 22
25include /etc/firejail/whitelist-var-common.inc 23include /etc/firejail/whitelist-var-common.inc
26 24
25apparmor
27caps.drop all 26caps.drop all
28# net none 27# net none
28# nodbus
29nodvd 29nodvd
30nogroups 30nogroups
31nonewprivs 31nonewprivs
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 5187bb9f0..779067770 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -6,12 +6,12 @@ include /etc/firejail/gzip.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index b99842d60..ff9dd248f 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-var-common.inc
17apparmor 17apparmor
18caps.drop all 18caps.drop all
19netfilter 19netfilter
20nodbus
20nogroups 21nogroups
21nonewprivs 22nonewprivs
22noroot 23noroot
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index ad1aae523..c8ab268c8 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -6,8 +6,6 @@ include /etc/firejail/hashcat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11noblacklist ${HOME}/.hashcat 9noblacklist ${HOME}/.hashcat
12noblacklist /usr/include 10noblacklist /usr/include
13 11
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
18 16
19caps.drop all 17caps.drop all
20net none 18net none
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/highlight.profile b/etc/highlight.profile
index a7c667ce1..781866f3b 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -5,7 +5,6 @@ include /etc/firejail/highlight.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 15caps.drop all
17net none 16net none
18no3d 17no3d
18nodbus
19nodvd 19nodvd
20nogroups 20nogroups
21nonewprivs 21nonewprivs
diff --git a/etc/hugin.profile b/etc/hugin.profile
index bff074b74..3847a7daf 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -5,8 +5,6 @@ include /etc/firejail/hugin.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.hugin 8noblacklist ${HOME}/.hugin
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16 14
17caps.drop all 15caps.drop all
18net none 16net none
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/imagej.profile b/etc/imagej.profile
index 058da2805..7396160af 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -5,8 +5,6 @@ include /etc/firejail/imagej.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.imagej 8noblacklist ${HOME}/.imagej
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 5a19a75f1..8c157bf2a 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -5,8 +5,6 @@ include /etc/firejail/img2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -14,6 +12,7 @@ include /etc/firejail/disable-programs.inc
14 12
15caps.drop all 13caps.drop all
16net none 14net none
15nodbus
17nodvd 16nodvd
18nogroups 17nogroups
19nonewprivs 18nonewprivs
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 6e669ea2c..d573cc706 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -18,7 +18,8 @@ include /etc/firejail/whitelist-var-common.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
21netfilter 21net none
22nodbus
22nodvd 23nodvd
23nogroups 24nogroups
24nonewprivs 25nonewprivs
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index bf461b93d..f70eff3e4 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -5,8 +5,6 @@ include /etc/firejail/jd-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/jd-gui.cfg 8noblacklist ${HOME}/.config/jd-gui.cfg
11noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
12 10
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
18caps.drop all 16caps.drop all
19net none 17net none
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/kate.profile b/etc/kate.profile
index 5042077e5..df9643fee 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -5,8 +5,6 @@ include /etc/firejail/kate.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/katepartrc 8noblacklist ${HOME}/.config/katepartrc
11noblacklist ${HOME}/.config/katerc 9noblacklist ${HOME}/.config/katerc
12noblacklist ${HOME}/.config/kateschemarc 10noblacklist ${HOME}/.config/kateschemarc
@@ -21,9 +19,10 @@ include /etc/firejail/disable-programs.inc
21 19
22include /etc/firejail/whitelist-var-common.inc 20include /etc/firejail/whitelist-var-common.inc
23 21
24apparmor 22# apparmor
25caps.drop all 23caps.drop all
26# net none 24# net none
25# nodbus
27netfilter 26netfilter
28nodvd 27nodvd
29nogroups 28nogroups
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 3f024f3fa..db10167ed 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -20,9 +20,12 @@ whitelist ${HOME}/.kde4/share/config/kcalcrc
20include /etc/firejail/whitelist-common.inc 20include /etc/firejail/whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include /etc/firejail/whitelist-var-common.inc
22 22
23apparmor
23caps.drop all 24caps.drop all
25# net none
24netfilter 26netfilter
25no3d 27no3d
28# nodbus
26nodvd 29nodvd
27nogroups 30nogroups
28nonewprivs 31nonewprivs
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 5c770856a..819279b10 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -5,7 +5,6 @@ include /etc/firejail/kdenlive.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9noblacklist ${HOME}/.cache/kdenlive 8noblacklist ${HOME}/.cache/kdenlive
10noblacklist ${HOME}/.config/kdenliverc 9noblacklist ${HOME}/.config/kdenliverc
11noblacklist ${HOME}/.local/share/kdenlive 10noblacklist ${HOME}/.local/share/kdenlive
@@ -18,6 +17,7 @@ include /etc/firejail/disable-programs.inc
18apparmor 17apparmor
19caps.drop all 18caps.drop all
20# net none 19# net none
20# nodbus
21nodvd 21nodvd
22nogroups 22nogroups
23nonewprivs 23nonewprivs
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 91ead4bfa..14af2682c 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -5,8 +5,6 @@ include /etc/firejail/keepassx.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/*.kdb 8noblacklist ${HOME}/*.kdb
11noblacklist ${HOME}/*.kdbx 9noblacklist ${HOME}/*.kdbx
12noblacklist ${HOME}/.config/keepassx 10noblacklist ${HOME}/.config/keepassx
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 8b760cb02..0e464cbe4 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/keepassxc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/*.kdb 8noblacklist ${HOME}/*.kdb
11noblacklist ${HOME}/*.kdbx 9noblacklist ${HOME}/*.kdbx
12noblacklist ${HOME}/.config/keepassxc 10noblacklist ${HOME}/.config/keepassxc
@@ -22,6 +20,7 @@ include /etc/firejail/disable-programs.inc
22include /etc/firejail/whitelist-var-common.inc 20include /etc/firejail/whitelist-var-common.inc
23 21
24caps.drop all 22caps.drop all
23machine-id
25net none 24net none
26no3d 25no3d
27nodvd 26nodvd
diff --git a/etc/krita.profile b/etc/krita.profile
index 0f4c5210b..24948c584 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -5,7 +5,6 @@ include /etc/firejail/krita.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9noblacklist ${HOME}/.config/kritarc 8noblacklist ${HOME}/.config/kritarc
10noblacklist ${HOME}/.local/share/krita 9noblacklist ${HOME}/.local/share/krita
11 10
@@ -18,6 +17,7 @@ apparmor
18caps.drop all 17caps.drop all
19ipc-namespace 18ipc-namespace
20# net none 19# net none
20# nodbus
21nodvd 21nodvd
22nogroups 22nogroups
23nonewprivs 23nonewprivs
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 1c4e50b77..ac51259c0 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -5,8 +5,6 @@ include /etc/firejail/kwrite.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/katepartrc 8noblacklist ${HOME}/.config/katepartrc
11noblacklist ${HOME}/.config/katerc 9noblacklist ${HOME}/.config/katerc
12noblacklist ${HOME}/.config/kateschemarc 10noblacklist ${HOME}/.config/kateschemarc
@@ -26,6 +24,7 @@ apparmor
26caps.drop all 24caps.drop all
27# net none 25# net none
28netfilter 26netfilter
27# nodbus
29nodvd 28nodvd
30nogroups 29nogroups
31nonewprivs 30nonewprivs
diff --git a/etc/less.profile b/etc/less.profile
index 3b1c5d6bf..e2616ba4f 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -6,12 +6,12 @@ include /etc/firejail/less.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index ceb680951..15961321e 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -21,6 +21,7 @@ apparmor
21caps.drop all 21caps.drop all
22machine-id 22machine-id
23netfilter 23netfilter
24nodbus
24nodvd 25nodvd
25nogroups 26nogroups
26nonewprivs 27nonewprivs
diff --git a/etc/lmms.profile b/etc/lmms.profile
index b2bacb246..a9fecf5be 100644
--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -5,8 +5,6 @@ include /etc/firejail/lmms.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.lmmsrc.xml 8noblacklist ${HOME}/.lmmsrc.xml
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index f8c5c34ca..948c7226d 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -5,8 +5,6 @@ include /etc/firejail/macrofusion.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/mfusion 8noblacklist ${HOME}/.config/mfusion
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index be5dac206..f452b751a 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mate-calc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/mate-calc 8noblacklist ${HOME}/.config/mate-calc
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -24,6 +22,7 @@ whitelist ${HOME}/.themes
24caps.drop all 22caps.drop all
25net none 23net none
26no3d 24no3d
25nodbus
27nodvd 26nodvd
28nogroups 27nogroups
29nonewprivs 28nonewprivs
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index de9297174..c3c84ed39 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -5,7 +5,6 @@ include /etc/firejail/mediainfo.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 15caps.drop all
17net none 16net none
18no3d 17no3d
18nodbus
19nodvd 19nodvd
20nogroups 20nogroups
21nonewprivs 21nonewprivs
diff --git a/etc/meld.profile b/etc/meld.profile
index 1a451ff57..78d9e0c76 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -5,8 +5,6 @@ include /etc/firejail/meld.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/meld 8noblacklist ${HOME}/.local/share/meld
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/mpv.profile b/etc/mpv.profile
index a4dc679f4..dcd8b05e1 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21nodbus
21nogroups 22nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 9e04c3a81..af5859dbc 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mupdf.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc
17caps.drop all 15caps.drop all
18machine-id 16machine-id
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index e05babc91..2e3d7cfb8 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mupen64plus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/mupen64plus 8noblacklist ${HOME}/.config/mupen64plus
11noblacklist ${HOME}/.local/share/mupen64plus 9noblacklist ${HOME}/.local/share/mupen64plus
12 10
@@ -24,6 +22,7 @@ include /etc/firejail/whitelist-common.inc
24 22
25caps.drop all 23caps.drop all
26net none 24net none
25nodbus
27nodvd 26nodvd
28nonewprivs 27nonewprivs
29noroot 28noroot
diff --git a/etc/natron.profile b/etc/natron.profile
index 413ea53f9..cf01c862c 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -5,8 +5,6 @@ include /etc/firejail/natron.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.Natron 8noblacklist ${HOME}/.Natron
11noblacklist ${HOME}/.cache/INRIA/Natron 9noblacklist ${HOME}/.cache/INRIA/Natron
12noblacklist ${HOME}/.config/INRIA 10noblacklist ${HOME}/.config/INRIA
@@ -19,6 +17,7 @@ include /etc/firejail/disable-programs.inc
19 17
20caps.drop all 18caps.drop all
21net none 19net none
20nodbus
22nodvd 21nodvd
23nogroups 22nogroups
24nonewprivs 23nonewprivs
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index b6d4a63b5..c807a5399 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -5,7 +5,6 @@ include /etc/firejail/odt2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 15caps.drop all
17net none 16net none
18no3d 17no3d
18nodbus
19nodvd 19nodvd
20nogroups 20nogroups
21nonewprivs 21nonewprivs
diff --git a/etc/okular.profile b/etc/okular.profile
index ffe0d2bfb..f1f0b2c7e 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -5,8 +5,6 @@ include /etc/firejail/okular.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/okular 8noblacklist ${HOME}/.cache/okular
11noblacklist ${HOME}/.config/okularpartrc 9noblacklist ${HOME}/.config/okularpartrc
12noblacklist ${HOME}/.config/okularrc 10noblacklist ${HOME}/.config/okularrc
@@ -30,6 +28,7 @@ caps.drop all
30machine-id 28machine-id
31# net none 29# net none
32netfilter 30netfilter
31# nodbus
33nodvd 32nodvd
34nogroups 33nogroups
35nonewprivs 34nonewprivs
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 191f8d87b..3c3609dae 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -5,8 +5,6 @@ include /etc/firejail/open-invaders.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.openinvaders 8noblacklist ${HOME}/.openinvaders
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/openshot.profile b/etc/openshot.profile
index ca9110be6..b9eb29590 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21nodbus
21nodvd 22nodvd
22nogroups 23nogroups
23nonewprivs 24nonewprivs
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index 08c607020..0dcd21549 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pcmanfm.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/Trash 8noblacklist ${HOME}/.local/share/Trash
11# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below 9# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
12# noblacklist ${HOME}/.config/pcmanfm 10# noblacklist ${HOME}/.config/pcmanfm
@@ -19,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc
19caps.drop all 17caps.drop all
20# net none - see issue #1467, computer:/// location broken 18# net none - see issue #1467, computer:/// location broken
21no3d 19no3d
20# nodbus
22nodvd 21nodvd
23nonewprivs 22nonewprivs
24noroot 23noroot
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index d43c0911e..b4ccb6003 100755
--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -5,9 +5,6 @@ include /etc/firejail/pdfchain.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-programs.inc 9include /etc/firejail/disable-programs.inc
13include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
@@ -19,6 +16,7 @@ caps.drop all
19ipc-namespace 16ipc-namespace
20net none 17net none
21no3d 18no3d
19nodbus
22nogroups 20nogroups
23nonewprivs 21nonewprivs
24noroot 22noroot
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index 8ac09dcdc..9b08dfd84 100644
--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfmod.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/pdfmod 8noblacklist ${HOME}/.cache/pdfmod
11noblacklist ${HOME}/.config/pdfmod 9noblacklist ${HOME}/.config/pdfmod
12 10
@@ -22,6 +20,7 @@ ipc-namespace
22machine-id 20machine-id
23net none 21net none
24no3d 22no3d
23nodbus
25nodvd 24nodvd
26nogroups 25nogroups
27nonewprivs 26nonewprivs
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index c1515ab73..465f68fd6 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfsam.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ caps.drop all
18machine-id 16machine-id
19net none 17net none
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 736faa5ea..a97063754 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -5,7 +5,6 @@ include /etc/firejail/pdftotext.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -19,6 +18,7 @@ caps.drop all
19machine-id 18machine-id
20net none 19net none
21no3d 20no3d
21nodbus
22nodvd 22nodvd
23nogroups 23nogroups
24nonewprivs 24nonewprivs
diff --git a/etc/peek.profile b/etc/peek.profile
index 01db4fa08..7b7ab9470 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -5,8 +5,6 @@ include /etc/firejail/peek.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/peek 8noblacklist ${HOME}/.cache/peek
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/pingus.profile b/etc/pingus.profile
index ec7eff632..b287e7ee8 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pingus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.pingus 8noblacklist ${HOME}/.pingus
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 4a8815a73..b51521ef7 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pinta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/Pinta 8noblacklist ${HOME}/.config/Pinta
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/pluma.profile b/etc/pluma.profile
index b50e3cbaf..a6c36f647 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pluma.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.config/pluma 8noblacklist ${HOME}/.config/pluma
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,10 +14,14 @@ include /etc/firejail/disable-programs.inc
16 14
17include /etc/firejail/whitelist-var-common.inc 15include /etc/firejail/whitelist-var-common.inc
18 16
17# following line makes settings immutable
18apparmor
19caps.drop all 19caps.drop all
20# net none - makes settings immutable
21machine-id 20machine-id
21net none
22no3d 22no3d
23# following line makes settings immutable
24nodbus
23nodvd 25nodvd
24nogroups 26nogroups
25nonewprivs 27nonewprivs
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 8df8177eb..14a9e8adc 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -30,6 +30,7 @@ apparmor
30caps.drop all 30caps.drop all
31machine-id 31machine-id
32netfilter 32netfilter
33nodbus
33nodvd 34nodvd
34nogroups 35nogroups
35nonewprivs 36nonewprivs
diff --git a/etc/ranger.profile b/etc/ranger.profile
index 211a1b2d5..fd5bbf89c 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ranger.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10# noblacklist /usr/bin/cpan* 8# noblacklist /usr/bin/cpan*
11noblacklist /usr/bin/perl 9noblacklist /usr/bin/perl
12noblacklist /usr/lib/perl* 10noblacklist /usr/lib/perl*
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index a20bdb883..62d0f6334 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,10 +13,13 @@ include /etc/firejail/disable-programs.inc
13 13
14include /etc/firejail/whitelist-var-common.inc 14include /etc/firejail/whitelist-var-common.inc
15 15
16# following line makes settings immutable
16apparmor 17apparmor
17caps.drop all 18caps.drop all
18netfilter 19netfilter
19# no3d 20# no3d
21# following line makes settings immutable
22nodbus
20nogroups 23nogroups
21nonewprivs 24nonewprivs
22noroot 25noroot
diff --git a/etc/scribus.profile b/etc/scribus.profile
index 8ce63fbf0..7325b663d 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/scribus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10# Support for PDF readers comes with Scribus 1.5 and higher 8# Support for PDF readers comes with Scribus 1.5 and higher
11noblacklist ${HOME}/.cache/okular 9noblacklist ${HOME}/.cache/okular
12noblacklist ${HOME}/.config/okularpartrc 10noblacklist ${HOME}/.config/okularpartrc
@@ -33,6 +31,7 @@ include /etc/firejail/whitelist-var-common.inc
33 31
34caps.drop all 32caps.drop all
35net none 33net none
34nodbus
36nodvd 35nodvd
37nogroups 36nogroups
38nonewprivs 37nonewprivs
@@ -48,3 +47,6 @@ tracelog
48# private-bin scribus,gs,gimp* 47# private-bin scribus,gs,gimp*
49private-dev 48private-dev
50private-tmp 49private-tmp
50
51# noexec ${HOME}
52noexec /tmp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index bc94ae2a0..2f3d94f01 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -6,8 +6,6 @@ include /etc/firejail/sdat2img.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 9include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 11include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 14caps.drop all
17net none 15net none
18no3d 16no3d
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index 3f2cc3d33..293a89ba3 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -5,8 +5,6 @@ include /etc/firejail/shotcut.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/Meltytech 8noblacklist ${HOME}/.config/Meltytech
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16 14
17caps.drop all 15caps.drop all
18net none 16net none
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 8b4113d2f..adde3f8ce 100644
--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -5,8 +5,6 @@ include /etc/firejail/simutrans.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.simutrans 8noblacklist ${HOME}/.simutrans
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 316cf5821..4fa649654 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -5,8 +5,6 @@ include /etc/firejail/skanlite.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16# net none 14# net none
17netfilter 15netfilter
16# nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 64eff5670..60af4cf17 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21# nodbus
21# nogroups 22# nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 933d55b79..22c37645d 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -5,8 +5,6 @@ include /etc/firejail/sqlitebrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/sqlitebrowser 8noblacklist ${HOME}/.config/sqlitebrowser
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/strings.profile b/etc/strings.profile
index 09273f35d..8995ad2a6 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -6,12 +6,12 @@ include /etc/firejail/strings.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index d60d7fa5f..24f42c276 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -5,8 +5,6 @@ include /etc/firejail/supertux2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/supertux2 8noblacklist ${HOME}/.local/share/supertux2
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
21 19
22caps.drop all 20caps.drop all
23net none 21net none
22nodbus
24nodvd 23nodvd
25nogroups 24nogroups
26nonewprivs 25nonewprivs
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 415a42cf5..be9c2aa64 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -5,8 +5,6 @@ include /etc/firejail/synfigstudio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/synfig 8noblacklist ${HOME}/.config/synfig
11noblacklist ${HOME}/.synfig 9noblacklist ${HOME}/.synfig
12 10
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17 15
18caps.drop all 16caps.drop all
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/tar.profile b/etc/tar.profile
index bd7973abf..5f54bf02d 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/tar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname tar 11hostname tar
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/terasology.profile b/etc/terasology.profile
index ea25938d3..e671c4dc3 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -5,8 +5,6 @@ include /etc/firejail/terasology.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
11noblacklist ${HOME}/.local/share/terasology 9noblacklist ${HOME}/.local/share/terasology
12 10
@@ -25,6 +23,7 @@ caps.drop all
25ipc-namespace 23ipc-namespace
26net none 24net none
27netfilter 25netfilter
26nodbus
28nodvd 27nodvd
29nogroups 28nogroups
30nonewprivs 29nonewprivs
diff --git a/etc/totem.profile b/etc/totem.profile
index 6dbc5f0c2..f466b3ea6 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -15,9 +15,12 @@ include /etc/firejail/disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include /etc/firejail/whitelist-var-common.inc
17 17
18# following line makes settings immutable
18apparmor 19apparmor
19caps.drop all 20caps.drop all
20netfilter 21netfilter
22# following line makes settings immutable
23nodbus
21nogroups 24nogroups
22nonewprivs 25nonewprivs
23noroot 26noroot
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 3d249748d..ee044aa0d 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -25,6 +25,7 @@ apparmor
25caps.drop all 25caps.drop all
26machine-id 26machine-id
27netfilter 27netfilter
28nodbus
28nodvd 29nodvd
29nonewprivs 30nonewprivs
30noroot 31noroot
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 4f4d9bac1..a8fb80fd8 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -25,6 +25,7 @@ apparmor
25caps.drop all 25caps.drop all
26machine-id 26machine-id
27netfilter 27netfilter
28nodbus
28nodvd 29nodvd
29nonewprivs 30nonewprivs
30noroot 31noroot
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 135371747..575bf77dc 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -5,8 +5,6 @@ include /etc/firejail/transmission-show.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/transmission 8noblacklist ${HOME}/.cache/transmission
11noblacklist ${HOME}/.config/transmission 9noblacklist ${HOME}/.config/transmission
12 10
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
18caps.drop all 16caps.drop all
19machine-id 17machine-id
20net none 18net none
19nodbus
21nodvd 20nodvd
22nonewprivs 21nonewprivs
23noroot 22noroot
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index 6cff5249c..a10b44fb1 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -5,8 +5,6 @@ include /etc/firejail/uefitool.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ caps.drop all
16ipc-namespace 14ipc-namespace
17net none 15net none
18no3d 16no3d
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/unrar.profile b/etc/unrar.profile
index f7e25d5d7..ba2a86f4c 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unrar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname unrar 11hostname unrar
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/unzip.profile b/etc/unzip.profile
index fe16c670d..fddc79260 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unzip.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname unzip 11hostname unzip
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index f7699552d..b64ecaa3e 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -6,11 +6,10 @@ include /etc/firejail/uudeview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11hostname uudeview 9hostname uudeview
12ignore noroot 10ignore noroot
13net none 11net none
12nodbus
14nodvd 13nodvd
15nosound 14nosound
16notv 15notv
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 39bf3f7ce..135147266 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -5,7 +5,6 @@ include /etc/firejail/viewnior.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist ${HOME}/.bashrc 8blacklist ${HOME}/.bashrc
10 9
11noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
@@ -20,6 +19,7 @@ include /etc/firejail/disable-programs.inc
20caps.drop all 19caps.drop all
21net none 20net none
22no3d 21no3d
22nodbus
23nodvd 23nodvd
24nogroups 24nogroups
25nonewprivs 25nonewprivs
diff --git a/etc/vlc.profile b/etc/vlc.profile
index dad9a9ae1..c36a1f238 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21# nodbus
21# nogroups 22# nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index 67707ffb8..ac8f0fe2a 100644
--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -5,12 +5,11 @@ include /etc/firejail/x-terminal-emulator.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10caps.drop all 8caps.drop all
11ipc-namespace 9ipc-namespace
12net none 10net none
13netfilter 11netfilter
12nodbus
14nogroups 13nogroups
15noroot 14noroot
16protocol unix 15protocol unix
diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index 467f96003..8493fe658 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xcalc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -18,6 +16,7 @@ caps.drop all
18net none 16net none
19netfilter 17netfilter
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/xed.profile b/etc/xed.profile
index e4ab673e8..2bc73693e 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xed.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.config/xed 8noblacklist ${HOME}/.config/xed
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,10 +14,14 @@ include /etc/firejail/disable-programs.inc
16 14
17include /etc/firejail/whitelist-var-common.inc 15include /etc/firejail/whitelist-var-common.inc
18 16
17# following line makes settings immutable
18apparmor
19caps.drop all 19caps.drop all
20# net none - makes settings immutable
21machine-id 20machine-id
21net none
22no3d 22no3d
23# following line makes settings immutable
24nodbus
23nodvd 25nodvd
24nogroups 26nogroups
25nonewprivs 27nonewprivs
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index 7b8042e5c..9eeda4d29 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xpdf.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.xpdfrc 8noblacklist ${HOME}/.xpdfrc
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ caps.drop all
20machine-id 18machine-id
21net none 19net none
22no3d 20no3d
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 8ea361d79..ef1eb38e7 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -15,8 +15,12 @@ include /etc/firejail/disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include /etc/firejail/whitelist-var-common.inc
17 17
18# following line makes settings immutable
19apparmor
18caps.drop all 20caps.drop all
19netfilter 21netfilter
22# following line makes settings immutable
23nodbus
20nogroups 24nogroups
21nonewprivs 25nonewprivs
22noroot 26noroot
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 00bd1ee2f..1ddfad26f 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include /etc/firejail/whitelist-var-common.inc
18 18
19# apparmor
19caps.drop all 20caps.drop all
20no3d 21no3d
21nodvd 22nodvd
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7c4ede111..86d0b6d4a 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xviewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.config/xviewer 9noblacklist ${HOME}/.config/xviewer
12noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
@@ -19,9 +17,13 @@ include /etc/firejail/disable-programs.inc
19 17
20include /etc/firejail/whitelist-var-common.inc 18include /etc/firejail/whitelist-var-common.inc
21 19
20# following line makes settings immutable
21apparmor
22caps.drop all 22caps.drop all
23# net none - makes settings immutable 23net none
24no3d 24no3d
25# following line makes settings immutable
26nodbus
25nodvd 27nodvd
26nogroups 28nogroups
27nonewprivs 29nonewprivs
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 1136a6535..5913fd07a 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -6,12 +6,12 @@ include /etc/firejail/xzdec.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/zart.profile b/etc/zart.profile
index e9fd9b3bd..60eb09c71 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -5,8 +5,6 @@ include /etc/firejail/zart.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16ipc-namespace 14ipc-namespace
17net none 15net none
16nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 288abb8ec..3edece779 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -5,8 +5,6 @@ include /etc/firejail/zathura.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/zathura 8noblacklist ${HOME}/.config/zathura
11noblacklist ${HOME}/.local/share/zathura 9noblacklist ${HOME}/.local/share/zathura
12 10
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17 15
18caps.drop all 16caps.drop all
19# net none 17# net none
18# nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
@@ -31,5 +30,6 @@ private-bin zathura
31private-dev 30private-dev
32private-etc fonts 31private-etc fonts
33private-tmp 32private-tmp
33
34read-only ${HOME}/ 34read-only ${HOME}/
35read-write ${HOME}/.local/share/zathura/ 35read-write ${HOME}/.local/share/zathura/
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-30 13:44:12 +0000