diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-03-26 13:38:26 -0500 |
|---|---|---|
| committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-03-26 13:38:26 -0500 |
| commit | b84effaf9e61c90ce3b0e68cbd35d092aa40d46e (patch) | |
| tree | 9e93c013ffcbf3f8579741c3233b58dfcac78015 /etc | |
| parent | GPicViewer profile (diff) | |
| parent | merges (diff) | |
| download | firejail-b84effaf9e61c90ce3b0e68cbd35d092aa40d46e.tar.gz firejail-b84effaf9e61c90ce3b0e68cbd35d092aa40d46e.tar.zst firejail-b84effaf9e61c90ce3b0e68cbd35d092aa40d46e.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/audacious.profile | 8 | ||||
| -rw-r--r-- | etc/disable-common.inc | 1 | ||||
| -rw-r--r-- | etc/disable-passwdmgr.inc | 1 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 5 | ||||
| -rw-r--r-- | etc/gwenview.profile | 6 | ||||
| -rw-r--r-- | etc/scribus.profile | 6 | ||||
| -rw-r--r-- | etc/thunderbird.profile | 4 |
7 files changed, 27 insertions, 4 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile index 63ba9af9c..d12032166 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
| @@ -4,13 +4,21 @@ include /etc/firejail/audacious.local | |||
| 4 | 4 | ||
| 5 | # Audacious media player profile | 5 | # Audacious media player profile |
| 6 | noblacklist ~/.config/audacious | 6 | noblacklist ~/.config/audacious |
| 7 | noblacklist ~/.config/Audaciousrc | ||
| 7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
| 9 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | 12 | ||
| 12 | caps.drop all | 13 | caps.drop all |
| 14 | netfilter | ||
| 13 | nonewprivs | 15 | nonewprivs |
| 14 | noroot | 16 | noroot |
| 15 | protocol unix,inet,inet6 | 17 | protocol unix,inet,inet6 |
| 16 | seccomp | 18 | seccomp |
| 19 | shell none | ||
| 20 | tracelog | ||
| 21 | |||
| 22 | private-bin audacious | ||
| 23 | private-dev | ||
| 24 | private-tmp | ||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index be3144133..78b41371a 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -165,6 +165,7 @@ blacklist ${HOME}/*.key | |||
| 165 | blacklist ${HOME}/.muttrc | 165 | blacklist ${HOME}/.muttrc |
| 166 | blacklist ${HOME}/.mutt/muttrc | 166 | blacklist ${HOME}/.mutt/muttrc |
| 167 | blacklist ${HOME}/.msmtprc | 167 | blacklist ${HOME}/.msmtprc |
| 168 | blacklist ${HOME}/.pki | ||
| 168 | blacklist /etc/shadow | 169 | blacklist /etc/shadow |
| 169 | blacklist /etc/gshadow | 170 | blacklist /etc/gshadow |
| 170 | blacklist /etc/passwd- | 171 | blacklist /etc/passwd- |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index c4112d4d5..b5260e897 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
| @@ -2,7 +2,6 @@ | |||
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include /etc/firejail/disable-passwdmgr.local | 3 | include /etc/firejail/disable-passwdmgr.local |
| 4 | 4 | ||
| 5 | blacklist ${HOME}/.pki/nssdb | ||
| 6 | blacklist ${HOME}/.lastpass | 5 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 6 | blacklist ${HOME}/.keepassx |
| 8 | blacklist ${HOME}/.keepass | 7 | blacklist ${HOME}/.keepass |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6b2b1d994..eeb5bc663 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -20,6 +20,7 @@ blacklist ${HOME}/.bcast5 | |||
| 20 | blacklist ${HOME}/.claws-mail | 20 | blacklist ${HOME}/.claws-mail |
| 21 | blacklist ${HOME}/.config/0ad | 21 | blacklist ${HOME}/.config/0ad |
| 22 | blacklist ${HOME}/.config/Atom | 22 | blacklist ${HOME}/.config/Atom |
| 23 | blacklist ${HOME}/.config/Audaciousrc | ||
| 23 | blacklist ${HOME}/.config/Brackets | 24 | blacklist ${HOME}/.config/Brackets |
| 24 | blacklist ${HOME}/.config/Cryptocat | 25 | blacklist ${HOME}/.config/Cryptocat |
| 25 | blacklist ${HOME}/.config/Franz | 26 | blacklist ${HOME}/.config/Franz |
| @@ -72,6 +73,7 @@ blacklist ${HOME}/.config/google-chrome-beta | |||
| 72 | blacklist ${HOME}/.config/google-chrome-unstable | 73 | blacklist ${HOME}/.config/google-chrome-unstable |
| 73 | blacklist ${HOME}./config/gpicview | 74 | blacklist ${HOME}./config/gpicview |
| 74 | blacklist ${HOME}/.config/gthumb | 75 | blacklist ${HOME}/.config/gthumb |
| 76 | blacklist ${HOME}/.config/gwenviewrc | ||
| 75 | blacklist ${HOME}/.config/hexchat | 77 | blacklist ${HOME}/.config/hexchat |
| 76 | blacklist ${HOME}/.config/inox | 78 | blacklist ${HOME}/.config/inox |
| 77 | blacklist ${HOME}/.config/jd-gui.cfg | 79 | blacklist ${HOME}/.config/jd-gui.cfg |
| @@ -89,6 +91,7 @@ blacklist ${HOME}/.config/nautilus | |||
| 89 | blacklist ${HOME}/.config/netsurf | 91 | blacklist ${HOME}/.config/netsurf |
| 90 | blacklist ${HOME}/.config/opera | 92 | blacklist ${HOME}/.config/opera |
| 91 | blacklist ${HOME}/.config/opera-beta | 93 | blacklist ${HOME}/.config/opera-beta |
| 94 | blacklist ${HOME}/.config/org.kde.gwenviewrc | ||
| 92 | blacklist ${HOME}/.config/pix | 95 | blacklist ${HOME}/.config/pix |
| 93 | blacklist ${HOME}/.config/pluma | 96 | blacklist ${HOME}/.config/pluma |
| 94 | blacklist ${HOME}/.config/psi+ | 97 | blacklist ${HOME}/.config/psi+ |
| @@ -225,12 +228,12 @@ blacklist ${HOME}/.openshot | |||
| 225 | blacklist ${HOME}/.openshot_qt | 228 | blacklist ${HOME}/.openshot_qt |
| 226 | blacklist ${HOME}/.opera | 229 | blacklist ${HOME}/.opera |
| 227 | blacklist ${HOME}/.opera-beta | 230 | blacklist ${HOME}/.opera-beta |
| 228 | blacklist ${HOME}/.pki | ||
| 229 | blacklist ${HOME}/.purple | 231 | blacklist ${HOME}/.purple |
| 230 | blacklist ${HOME}/.qemu-launcher | 232 | blacklist ${HOME}/.qemu-launcher |
| 231 | blacklist ${HOME}/.remmina | 233 | blacklist ${HOME}/.remmina |
| 232 | blacklist ${HOME}/.retroshare | 234 | blacklist ${HOME}/.retroshare |
| 233 | blacklist ${HOME}/.scribus | 235 | blacklist ${HOME}/.scribus |
| 236 | blacklist ${HOME}/.scribusrc | ||
| 234 | blacklist ${HOME}/.steam | 237 | blacklist ${HOME}/.steam |
| 235 | blacklist ${HOME}/.steampath | 238 | blacklist ${HOME}/.steampath |
| 236 | blacklist ${HOME}/.steampid | 239 | blacklist ${HOME}/.steampid |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index f636792f0..b8067866c 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
| @@ -5,6 +5,8 @@ include /etc/firejail/gwenview.local | |||
| 5 | # KDE gwenview profile | 5 | # KDE gwenview profile |
| 6 | noblacklist ~/.kde/share/apps/gwenview | 6 | noblacklist ~/.kde/share/apps/gwenview |
| 7 | noblacklist ~/.kde/share/config/gwenviewrc | 7 | noblacklist ~/.kde/share/config/gwenviewrc |
| 8 | noblacklist ~/.config/gwenviewrc | ||
| 9 | noblacklist ~/.config/org.kde.gwenviewrc | ||
| 8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| 10 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| @@ -16,11 +18,11 @@ nonewprivs | |||
| 16 | noroot | 18 | noroot |
| 17 | protocol unix | 19 | protocol unix |
| 18 | seccomp | 20 | seccomp |
| 19 | nosound | 21 | tracelog |
| 20 | 22 | ||
| 21 | private-dev | 23 | private-dev |
| 22 | 24 | ||
| 23 | #Experimental: | 25 | # Experimental: |
| 24 | #shell none | 26 | #shell none |
| 25 | #private-bin gwenview | 27 | #private-bin gwenview |
| 26 | #private-etc X11 | 28 | #private-etc X11 |
diff --git a/etc/scribus.profile b/etc/scribus.profile index da2076286..5d0dc5af9 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
| @@ -5,9 +5,15 @@ include /etc/firejail/scribus.local | |||
| 5 | # Firejail profile for Scribus | 5 | # Firejail profile for Scribus |
| 6 | noblacklist ~/.scribus | 6 | noblacklist ~/.scribus |
| 7 | noblacklist ~/.config/scribus | 7 | noblacklist ~/.config/scribus |
| 8 | noblacklist ~/.config/scribusrc | ||
| 8 | noblacklist ~/.local/share/scribus | 9 | noblacklist ~/.local/share/scribus |
| 9 | noblacklist ~/.gimp* | 10 | noblacklist ~/.gimp* |
| 10 | 11 | ||
| 12 | # Support for PDF readers (Scribus 1.5 and higher) | ||
| 13 | noblacklist ~/.kde/share/apps/okular | ||
| 14 | noblacklist ~/.kde/share/config/okularrc | ||
| 15 | noblacklist ~/.kde/share/config/okularpartrc | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 13 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 1dc8b15c7..df1a4cdbb 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
| @@ -14,6 +14,10 @@ noblacklist ~/.thunderbird | |||
| 14 | mkdir ~/.thunderbird | 14 | mkdir ~/.thunderbird |
| 15 | whitelist ~/.thunderbird | 15 | whitelist ~/.thunderbird |
| 16 | 16 | ||
| 17 | noblacklist ~/.icedove | ||
| 18 | mkdir ~/.icedove | ||
| 19 | whitelist ~/.icedove | ||
| 20 | |||
| 17 | # allow browsers | 21 | # allow browsers |
| 18 | ignore private-tmp | 22 | ignore private-tmp |
| 19 | include /etc/firejail/firefox.profile | 23 | include /etc/firejail/firefox.profile |