diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-12 08:17:40 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-12 08:17:40 -0500 |
commit | c93cca65a60987d4f7c6591685f57262c83c7580 (patch) | |
tree | 3a2836618165302de878b37ad1e8af3f6d5eac3a /etc | |
parent | file transfer feature (diff) | |
download | firejail-c93cca65a60987d4f7c6591685f57262c83c7580.tar.gz firejail-c93cca65a60987d4f7c6591685f57262c83c7580.tar.zst firejail-c93cca65a60987d4f7c6591685f57262c83c7580.zip |
profile update
Diffstat (limited to 'etc')
-rw-r--r-- | etc/audacious.profile | 2 | ||||
-rw-r--r-- | etc/bitlbee.profile | 3 | ||||
-rw-r--r-- | etc/cherrytree.profile | 11 | ||||
-rw-r--r-- | etc/clementine.profile | 2 | ||||
-rw-r--r-- | etc/conkeror.profile | 2 | ||||
-rw-r--r-- | etc/deadbeef.profile | 2 | ||||
-rw-r--r-- | etc/deluge.profile | 3 | ||||
-rw-r--r-- | etc/empathy.profile | 4 | ||||
-rw-r--r-- | etc/evince.profile | 4 | ||||
-rw-r--r-- | etc/fbreader.profile | 3 | ||||
-rw-r--r-- | etc/filezilla.profile | 4 | ||||
-rw-r--r-- | etc/hedgewars.profile | 1 | ||||
-rw-r--r-- | etc/hexchat.profile | 2 | ||||
-rw-r--r-- | etc/polari.profile | 2 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 4 | ||||
-rw-r--r-- | etc/quassel.profile | 2 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 4 | ||||
-rw-r--r-- | etc/rtorrent.profile | 3 | ||||
-rw-r--r-- | etc/spotify.profile | 2 | ||||
-rw-r--r-- | etc/telegram.profile | 3 | ||||
-rw-r--r-- | etc/totem.profile | 3 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 2 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 2 | ||||
-rw-r--r-- | etc/vlc.profile | 3 | ||||
-rw-r--r-- | etc/weechat-curses.profile | 2 | ||||
-rw-r--r-- | etc/weechat.profile | 3 | ||||
-rw-r--r-- | etc/xchat.profile | 2 |
27 files changed, 55 insertions, 25 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile index f9a48f33c..b9ce11c0e 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Audacious profile | 1 | # Audacious media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 5eeddb815..ca9e87818 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # BitlBee profile | 1 | # BitlBee instant messaging profile |
2 | noblacklist /sbin | 2 | noblacklist /sbin |
3 | noblacklist /usr/sbin | 3 | noblacklist /usr/sbin |
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
@@ -8,3 +8,4 @@ protocol unix,inet,inet6 | |||
8 | private | 8 | private |
9 | private-dev | 9 | private-dev |
10 | seccomp | 10 | seccomp |
11 | netfilter | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 7502e9d15..d1e1c71d9 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -1,3 +1,9 @@ | |||
1 | # cherrytree note taking application | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | |||
1 | whitelist ${HOME}/cherrytree | 7 | whitelist ${HOME}/cherrytree |
2 | mkdir ~/.config | 8 | mkdir ~/.config |
3 | mkdir ~/.config/cherrytree | 9 | mkdir ~/.config/cherrytree |
@@ -5,10 +11,6 @@ whitelist ${HOME}/.config/cherrytree/ | |||
5 | mkdir ~/.local | 11 | mkdir ~/.local |
6 | mkdir ~/.local/share | 12 | mkdir ~/.local/share |
7 | whitelist ${HOME}/.local/share/ | 13 | whitelist ${HOME}/.local/share/ |
8 | include /etc/firejail/disable-mgmt.inc | ||
9 | include /etc/firejail/disable-secret.inc | ||
10 | include /etc/firejail/disable-common.inc | ||
11 | include /etc/firejail/disable-devel.inc | ||
12 | caps.drop all | 14 | caps.drop all |
13 | seccomp | 15 | seccomp |
14 | protocol unix,inet,inet6,netlink | 16 | protocol unix,inet,inet6,netlink |
@@ -16,3 +18,4 @@ netfilter | |||
16 | tracelog | 18 | tracelog |
17 | noroot | 19 | noroot |
18 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | nosound | ||
diff --git a/etc/clementine.profile b/etc/clementine.profile index c9c0ca724..21b5a58ab 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Clementine profile | 1 | # Clementine media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 09f491c61..2d6323d3b 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 1 | # Firejail profile for Conkeror web browser profile |
2 | noblacklist ${HOME}/.conkeror.mozdev.org | 2 | noblacklist ${HOME}/.conkeror.mozdev.org |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 35760bf13..ec9fcd0f0 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # DeaDBeeF profile | 1 | # DeaDBeeF media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/deluge.profile b/etc/deluge.profile index 30e9f91ad..bcd754952 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # deluge profile | 1 | # deluge bittorernt client profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -14,5 +14,6 @@ seccomp | |||
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | netfilter | 15 | netfilter |
16 | noroot | 16 | noroot |
17 | nosound | ||
17 | 18 | ||
18 | 19 | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index 7c96dc6fa..adaf03e23 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Empathy profile | 1 | # Empathy instant messaging profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -8,3 +8,5 @@ blacklist ${HOME}/.wine | |||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | netfilter | ||
12 | |||
diff --git a/etc/evince.profile b/etc/evince.profile index 070dc7be7..81878462b 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # evince profile | 1 | # evince pdf reader profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -13,3 +13,5 @@ caps.drop all | |||
13 | seccomp | 13 | seccomp |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | noroot | 15 | noroot |
16 | nosound | ||
17 | |||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index a79f36398..4ed942138 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # fbreader profile | 1 | # fbreader ebook reader profile |
2 | noblacklist ${HOME}/.FBReader | 2 | noblacklist ${HOME}/.FBReader |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
@@ -15,4 +15,5 @@ seccomp | |||
15 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
16 | netfilter | 16 | netfilter |
17 | noroot | 17 | noroot |
18 | nosound | ||
18 | 19 | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 1462d134e..0eabf9a88 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # FileZilla profile | 1 | # FileZilla ftp profile |
2 | noblacklist ${HOME}/.filezilla | 2 | noblacklist ${HOME}/.filezilla |
3 | noblacklist ${HOME}/.config/filezilla | 3 | noblacklist ${HOME}/.config/filezilla |
4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
@@ -12,5 +12,7 @@ seccomp | |||
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | noroot | 13 | noroot |
14 | netfilter | 14 | netfilter |
15 | nosound | ||
16 | |||
15 | 17 | ||
16 | 18 | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 03a376e2f..ab0e067c7 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -12,6 +12,7 @@ private-dev | |||
12 | whitelist /tmp/.X11-unix | 12 | whitelist /tmp/.X11-unix |
13 | seccomp | 13 | seccomp |
14 | tracelog | 14 | tracelog |
15 | netfilter | ||
15 | 16 | ||
16 | mkdir ~/.hedgewars | 17 | mkdir ~/.hedgewars |
17 | whitelist ~/.hedgewars | 18 | whitelist ~/.hedgewars |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 35b98fde6..8f9e71b44 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # HexChat profile | 1 | # HexChat instant messaging profile |
2 | noblacklist ${HOME}/.config/hexchat | 2 | noblacklist ${HOME}/.config/hexchat |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
diff --git a/etc/polari.profile b/etc/polari.profile index 389ce3d12..26d5ff27b 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -25,3 +25,5 @@ caps.drop all | |||
25 | seccomp | 25 | seccomp |
26 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
27 | noroot | 27 | noroot |
28 | netfilter | ||
29 | |||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index c68eb716b..f067aaa99 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # qbittorrent profile | 1 | # qbittorrent bittorrent profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -14,4 +14,6 @@ seccomp | |||
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | netfilter | 15 | netfilter |
16 | noroot | 16 | noroot |
17 | nosound | ||
18 | |||
17 | 19 | ||
diff --git a/etc/quassel.profile b/etc/quassel.profile index e8db77973..bc8c76915 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -9,3 +9,5 @@ caps.drop all | |||
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | noroot | 11 | noroot |
12 | netfilter | ||
13 | |||
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 3326a34ed..a1a20a863 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Rhythmbox profile | 1 | # Rhythmbox media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -13,3 +13,5 @@ caps.drop all | |||
13 | seccomp | 13 | seccomp |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | noroot | 15 | noroot |
16 | netfilter | ||
17 | |||
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 7ba5677e9..6041052af 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # rtorrent profile | 1 | # rtorrent bittorrent profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -9,3 +9,4 @@ seccomp | |||
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | netfilter | 10 | netfilter |
11 | noroot | 11 | noroot |
12 | nosound | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index f5ec36431..1986a513c 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Spotify profile | 1 | # Spotify media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/telegram.profile b/etc/telegram.profile index 4920b94d8..94167675c 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Telegram profile | 1 | # Telegram IRC profile |
2 | noblacklist ${HOME}/.TelegramDesktop | 2 | noblacklist ${HOME}/.TelegramDesktop |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
@@ -10,6 +10,7 @@ caps.drop all | |||
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | noroot | 12 | noroot |
13 | netfilter | ||
13 | 14 | ||
14 | whitelist ~/Downloads/Telegram Desktop | 15 | whitelist ~/Downloads/Telegram Desktop |
15 | mkdir ${HOME}/.TelegramDesktop | 16 | mkdir ${HOME}/.TelegramDesktop |
diff --git a/etc/totem.profile b/etc/totem.profile index 65c62695e..f2485a2d0 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Totem profile | 1 | # Totem media player profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -13,3 +13,4 @@ caps.drop all | |||
13 | seccomp | 13 | seccomp |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | noroot | 15 | noroot |
16 | netfilter | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 290de9445..18356a91e 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -15,6 +15,8 @@ protocol unix,inet,inet6 | |||
15 | netfilter | 15 | netfilter |
16 | noroot | 16 | noroot |
17 | tracelog | 17 | tracelog |
18 | nosound | ||
19 | |||
18 | 20 | ||
19 | 21 | ||
20 | 22 | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 6ff49e476..cd07f35c7 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -15,4 +15,6 @@ protocol unix,inet,inet6 | |||
15 | netfilter | 15 | netfilter |
16 | noroot | 16 | noroot |
17 | tracelog | 17 | tracelog |
18 | nosound | ||
19 | |||
18 | 20 | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index dd0a70353..adcfbb119 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # VLC profile | 1 | # VLC media player profile |
2 | noblacklist ${HOME}/.config/vlc | 2 | noblacklist ${HOME}/.config/vlc |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
@@ -14,3 +14,4 @@ caps.drop all | |||
14 | seccomp | 14 | seccomp |
15 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
16 | noroot | 16 | noroot |
17 | netfilter | ||
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile index f7c1b6590..4a92f0b34 100644 --- a/etc/weechat-curses.profile +++ b/etc/weechat-curses.profile | |||
@@ -1,2 +1,2 @@ | |||
1 | # Weechat profile (Debian) | 1 | # Weechat IRC profile (Debian) |
2 | include /etc/firejail/weechat.profile | 2 | include /etc/firejail/weechat.profile |
diff --git a/etc/weechat.profile b/etc/weechat.profile index 218df3b33..3fbce62ca 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Weechat profile | 1 | # Weechat IRC profile |
2 | noblacklist ${HOME}/.weechat | 2 | noblacklist ${HOME}/.weechat |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
@@ -9,3 +9,4 @@ seccomp | |||
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | netfilter | 10 | netfilter |
11 | noroot | 11 | noroot |
12 | netfilter | ||
diff --git a/etc/xchat.profile b/etc/xchat.profile index be68e0add..e2dcadc0e 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # XChat profile | 1 | # XChat IRC profile |
2 | noblacklist ${HOME}/.config/xchat | 2 | noblacklist ${HOME}/.config/xchat |
3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |