added akregator, kcalc and ktorrent profiles

author: netblue30 <netblue30@yahoo.com> 2017-04-24 20:39:23 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-04-24 20:39:23 -0400
commit: bc257b6a4cdd0d335d744a0e70d06cef0c81ea26 (patch)
tree: 777f5c8558eba98704003f9d0ee7db833cc6a9da /etc
parent: fcopy - no checking for group in order to fix files such as /usr/bin/mutt_do... (diff)
download: firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.tar.gz
firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.tar.zst
firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.zip
4 files changed, 93 insertions, 0 deletions
diff --git a/etc/akregator.profile b/etc/akregator.profile
new file mode 100644
index 000000000..c99153450
--- /dev/null
+++ b/etc/akregator.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/akregator.local
+################################
+# Generic GUI application profile
+################################
+noblacklist ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.local/share/akregator
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+# nogroups
+# shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 32adac298..fbe614b0d 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.config/0ad
+blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
@@ -179,6 +180,7 @@ blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde4/share/config/konquerorrc
 blacklist ${HOME}/.kde4/share/config/okularpartrc
 blacklist ${HOME}/.kde4/share/config/okularrc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/apps/kcookiejar
 blacklist ${HOME}/.kde/share/apps/khtml
@@ -196,6 +198,7 @@ blacklist ${HOME}/.kde/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde/share/config/konquerorrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde/share/config/ktorrentrc
 blacklist ${HOME}/.killingfloor
 blacklist ${HOME}/.kino-history
 blacklist ${HOME}/.kinorc
@@ -207,6 +210,7 @@ blacklist ${HOME}/.local/.share/maps-places.json
 blacklist ${HOME}/.local/lib/python2.7/site-packages
 blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
+blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/QuiteRss
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
new file mode 100644
index 000000000..88f84fdf6
--- /dev/null
+++ b/etc/kcalc.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/kcalc.local
+################################
+# Generic GUI application profile
+################################
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+private
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
new file mode 100644
index 000000000..f1a5d995d
--- /dev/null
+++ b/etc/ktorrent.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ktorrent.local
+################################
+# Generic GUI application profile
+################################
+blacklist ${HOME}/.kde/share/config/ktorrentrc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
author	netblue30 <netblue30@yahoo.com>	2017-04-24 20:39:23 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-04-24 20:39:23 -0400
commit	bc257b6a4cdd0d335d744a0e70d06cef0c81ea26 (patch)
tree	777f5c8558eba98704003f9d0ee7db833cc6a9da /etc
parent	fcopy - no checking for group in order to fix files such as /usr/bin/mutt_do... (diff)
download	firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.tar.gz firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.tar.zst firejail-bc257b6a4cdd0d335d744a0e70d06cef0c81ea26.zip

diff --git a/etc/akregator.profile b/etc/akregator.profile new file mode 100644 index 000000000..c99153450 --- /dev/null +++ b/etc/akregator.profile
@@ -0,0 +1,30 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/akregator.local
		4
		5	################################
		6	# Generic GUI application profile
		7	################################
		8	noblacklist ${HOME}/.config/akregatorrc
		9	noblacklist ${HOME}/.local/share/akregator
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-programs.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13
		14	caps.drop all
		15	netfilter
		16	nonewprivs
		17	noroot
		18	protocol unix,inet,inet6
		19	seccomp
		20
		21	#
		22	# depending on you usage, you can enable some of the commands below:
		23	#
		24	# nogroups
		25	# shell none
		26	# private-bin program
		27	# private-etc none
		28	# private-dev
		29	# private-tmp
		30


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 32adac298..fbe614b0d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5
21	blacklist ${HOME}/.bibletime	21	blacklist ${HOME}/.bibletime
22	blacklist ${HOME}/.claws-mail	22	blacklist ${HOME}/.claws-mail
23	blacklist ${HOME}/.config/0ad	23	blacklist ${HOME}/.config/0ad
		24	blacklist ${HOME}/.config/akregatorrc
24	blacklist ${HOME}/.config/Atom	25	blacklist ${HOME}/.config/Atom
25	blacklist ${HOME}/.config/Audaciousrc	26	blacklist ${HOME}/.config/Audaciousrc
26	blacklist ${HOME}/.config/Brackets	27	blacklist ${HOME}/.config/Brackets
@@ -179,6 +180,7 @@ blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
179	blacklist ${HOME}/.kde4/share/config/konquerorrc	180	blacklist ${HOME}/.kde4/share/config/konquerorrc
180	blacklist ${HOME}/.kde4/share/config/okularpartrc	181	blacklist ${HOME}/.kde4/share/config/okularpartrc
181	blacklist ${HOME}/.kde4/share/config/okularrc	182	blacklist ${HOME}/.kde4/share/config/okularrc
		183	blacklist ${HOME}/.kde4/share/config/ktorrentrc
182	blacklist ${HOME}/.kde/share/apps/gwenview	184	blacklist ${HOME}/.kde/share/apps/gwenview
183	blacklist ${HOME}/.kde/share/apps/kcookiejar	185	blacklist ${HOME}/.kde/share/apps/kcookiejar
184	blacklist ${HOME}/.kde/share/apps/khtml	186	blacklist ${HOME}/.kde/share/apps/khtml
@@ -196,6 +198,7 @@ blacklist ${HOME}/.kde/share/config/konqsidebartngrc
196	blacklist ${HOME}/.kde/share/config/konquerorrc	198	blacklist ${HOME}/.kde/share/config/konquerorrc
197	blacklist ${HOME}/.kde/share/config/okularpartrc	199	blacklist ${HOME}/.kde/share/config/okularpartrc
198	blacklist ${HOME}/.kde/share/config/okularrc	200	blacklist ${HOME}/.kde/share/config/okularrc
		201	blacklist ${HOME}/.kde/share/config/ktorrentrc
199	blacklist ${HOME}/.killingfloor	202	blacklist ${HOME}/.killingfloor
200	blacklist ${HOME}/.kino-history	203	blacklist ${HOME}/.kino-history
201	blacklist ${HOME}/.kinorc	204	blacklist ${HOME}/.kinorc
@@ -207,6 +210,7 @@ blacklist ${HOME}/.local/.share/maps-places.json
207	blacklist ${HOME}/.local/lib/python2.7/site-packages	210	blacklist ${HOME}/.local/lib/python2.7/site-packages
208	blacklist ${HOME}/.local/share/0ad	211	blacklist ${HOME}/.local/share/0ad
209	blacklist ${HOME}/.local/share/3909/PapersPlease	212	blacklist ${HOME}/.local/share/3909/PapersPlease
		213	blacklist ${HOME}/.local/share/akregator
210	blacklist ${HOME}/.local/share/Empathy	214	blacklist ${HOME}/.local/share/Empathy
211	blacklist ${HOME}/.local/share/Mumble	215	blacklist ${HOME}/.local/share/Mumble
212	blacklist ${HOME}/.local/share/QuiteRss	216	blacklist ${HOME}/.local/share/QuiteRss


diff --git a/etc/kcalc.profile b/etc/kcalc.profile new file mode 100644 index 000000000..88f84fdf6 --- /dev/null +++ b/etc/kcalc.profile
@@ -0,0 +1,29 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/kcalc.local
		4
		5	################################
		6	# Generic GUI application profile
		7	################################
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-programs.inc
		10	include /etc/firejail/disable-passwdmgr.inc
		11
		12	caps.drop all
		13	netfilter
		14	nonewprivs
		15	noroot
		16	protocol unix,inet,inet6
		17	seccomp
		18
		19	#
		20	# depending on you usage, you can enable some of the commands below:
		21	#
		22	private
		23	nogroups
		24	shell none
		25	# private-bin program
		26	# private-etc none
		27	private-dev
		28	private-tmp
		29


diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile new file mode 100644 index 000000000..f1a5d995d --- /dev/null +++ b/etc/ktorrent.profile
@@ -0,0 +1,30 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/ktorrent.local
		4
		5	################################
		6	# Generic GUI application profile
		7	################################
		8	blacklist ${HOME}/.kde/share/config/ktorrentrc
		9	blacklist ${HOME}/.kde4/share/config/ktorrentrc
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-programs.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13
		14	caps.drop all
		15	netfilter
		16	nonewprivs
		17	noroot
		18	protocol unix,inet,inet6
		19	seccomp
		20
		21	#
		22	# depending on you usage, you can enable some of the commands below:
		23	#
		24	nogroups
		25	shell none
		26	# private-bin program
		27	# private-etc none
		28	private-dev
		29	# private-tmp
		30