diff options
author | Tad <tad@spotco.us> | 2018-07-24 12:52:13 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-07-24 12:52:13 -0400 |
commit | e5aba00d010e9e3af3e626bedb8acf8ae37b3b75 (patch) | |
tree | 55fd2a36c7953e137dfc7ca0734cc56eb0fb6f4d /etc | |
parent | Merge pull request #2060 from SkewedZeppelin/disable-xdg (diff) | |
download | firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.gz firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.zst firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.zip |
Add disable-xdg.inc to ~100 profiles
Diffstat (limited to 'etc')
104 files changed, 214 insertions, 9 deletions
diff --git a/etc/amarok.profile b/etc/amarok.profile index 8fa919131..aff78e210 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
@@ -5,12 +5,14 @@ include /etc/firejail/amarok.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
16 | 18 | ||
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index a69bf3966..d845bd4b9 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
@@ -15,12 +15,10 @@ noblacklist ${HOME}/.java | |||
15 | noblacklist ${HOME}/.local/share/JetBrains | 15 | noblacklist ${HOME}/.local/share/JetBrains |
16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | noblacklist ${DOCUMENTS} | ||
19 | 18 | ||
20 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | ||
24 | 22 | ||
25 | caps.drop all | 23 | caps.drop all |
26 | netfilter | 24 | netfilter |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index c2090af98..aaac62bc8 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
@@ -9,12 +9,15 @@ noblacklist ${HOME}/.config/ardour4 | |||
9 | noblacklist ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
10 | noblacklist ${HOME}/.lv2 | 10 | noblacklist ${HOME}/.lv2 |
11 | noblacklist ${HOME}/.vst | 11 | noblacklist ${HOME}/.vst |
12 | noblacklist ${DOCUMENTS} | ||
13 | noblacklist ${MUSIC} | ||
12 | 14 | ||
13 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 17 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | ||
18 | 21 | ||
19 | caps.drop all | 22 | caps.drop all |
20 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/arduino.profile b/etc/arduino.profile index c8850ccb0..0ff242450 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
@@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.arduino15 | 8 | noblacklist ${HOME}/.arduino15 |
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist ${HOME}/Arduino | 10 | noblacklist ${HOME}/Arduino |
11 | noblacklist ${DOCUMENTS} | ||
11 | 12 | ||
12 | # Allow access to java | 13 | # Allow access to java |
13 | noblacklist ${PATH}/java | 14 | noblacklist ${PATH}/java |
@@ -20,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
20 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
23 | 25 | ||
24 | caps.drop all | 26 | caps.drop all |
25 | netfilter | 27 | netfilter |
diff --git a/etc/asunder.profile b/etc/asunder.profile index 1787ad0cc..4cd340bf8 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile | |||
@@ -9,12 +9,14 @@ noblacklist ${HOME}/.config/asunder | |||
9 | noblacklist ${HOME}/.asunder_album_genre | 9 | noblacklist ${HOME}/.asunder_album_genre |
10 | noblacklist ${HOME}/.asunder_album_title | 10 | noblacklist ${HOME}/.asunder_album_title |
11 | noblacklist ${HOME}/.asunder_album_artist | 11 | noblacklist ${HOME}/.asunder_album_artist |
12 | noblacklist ${MUSIC} | ||
12 | 13 | ||
13 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
18 | 20 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
20 | 22 | ||
diff --git a/etc/atril.profile b/etc/atril.profile index 95120681c..48902ec4a 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/atril | 8 | noblacklist ${HOME}/.cache/atril |
9 | noblacklist ${HOME}/.config/atril | 9 | noblacklist ${HOME}/.config/atril |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | #noblacklist ${HOME}/.local/share | 12 | #noblacklist ${HOME}/.local/share |
12 | # it seems to use only ${HOME}/.local/share/webkitgtk | 13 | # it seems to use only ${HOME}/.local/share/webkitgtk |
@@ -16,6 +17,7 @@ include /etc/firejail/disable-devel.inc | |||
16 | include /etc/firejail/disable-interpreters.inc | 17 | include /etc/firejail/disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | ||
19 | 21 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 22 | include /etc/firejail/whitelist-var-common.inc |
21 | 23 | ||
diff --git a/etc/audacious.profile b/etc/audacious.profile index 8d3689487..cbbe15c46 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Audaciousrc | 8 | noblacklist ${HOME}/.config/Audaciousrc |
9 | noblacklist ${HOME}/.config/audacious | 9 | noblacklist ${HOME}/.config/audacious |
10 | noblacklist ${MUSIC} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
18 | 20 | ||
diff --git a/etc/audacity.profile b/etc/audacity.profile index c5e54ee24..d3c9ee4ac 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/audacity.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.audacity-data | 8 | noblacklist ${HOME}/.audacity-data |
9 | noblacklist ${DOCUMENTS} | ||
10 | noblacklist ${MUSIC} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
17 | 20 | ||
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 6507aeadb..10ef34d07 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | netfilter | 19 | netfilter |
19 | no3d | 20 | no3d |
diff --git a/etc/calibre.profile b/etc/calibre.profile index 436ac3234..09839161e 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
@@ -7,11 +7,13 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/calibre | 8 | noblacklist ${HOME}/.cache/calibre |
9 | noblacklist ${HOME}/.config/calibre | 9 | noblacklist ${HOME}/.config/calibre |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index c63cfad8d..8397da00c 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/cherrytree.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/cherrytree | 8 | noblacklist ${HOME}/.config/cherrytree |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | noblacklist ${PATH}/python2* | 12 | noblacklist ${PATH}/python2* |
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc | |||
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | caps.drop all | 24 | caps.drop all |
23 | netfilter | 25 | netfilter |
diff --git a/etc/clementine.profile b/etc/clementine.profile index ce4b8deb8..e13fd3f66 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/Clementine | 8 | noblacklist ${HOME}/.cache/Clementine |
9 | noblacklist ${HOME}/.config/Clementine | 9 | noblacklist ${HOME}/.config/Clementine |
10 | noblacklist ${MUSIC} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
18 | 20 | ||
diff --git a/etc/clipit.profile b/etc/clipit.profile index 3134fdc3e..866108aee 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
16 | 17 | ||
17 | caps.drop all | 18 | caps.drop all |
18 | netfilter | 19 | netfilter |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 03f234913..3331bde22 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/cmus.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/cmus | 8 | noblacklist ${HOME}/.config/cmus |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
diff --git a/etc/conky.profile b/etc/conky.profile index af275b915..4d2bcfa38 100644 --- a/etc/conky.profile +++ b/etc/conky.profile | |||
@@ -5,12 +5,14 @@ include /etc/firejail/conky.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | caps.drop all | 17 | caps.drop all |
16 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/corebird.profile b/etc/corebird.profile index a99a6b732..da1869f65 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
17 | 18 | ||
diff --git a/etc/darktable.profile b/etc/darktable.profile index 511e4e475..607a587a1 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/darktable | 8 | noblacklist ${HOME}/.cache/darktable |
9 | noblacklist ${HOME}/.config/darktable | 9 | noblacklist ${HOME}/.config/darktable |
10 | noblacklist ${PICTURES} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | caps.drop all | 19 | caps.drop all |
18 | netfilter | 20 | netfilter |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 53383d88d..8eb5776e7 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/deadbeef.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/deadbeef | 8 | noblacklist ${HOME}/.config/deadbeef |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index aeef46413..b61d68e06 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc | |||
17 | include /etc/firejail/disable-interpreters.inc | 17 | include /etc/firejail/disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | ||
20 | 21 | ||
21 | caps.drop all | 22 | caps.drop all |
22 | net none | 23 | net none |
diff --git a/etc/dia.profile b/etc/dia.profile index fca14236f..fed5107aa 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/dia.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.dia | 8 | noblacklist ${HOME}/.dia |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | net none | 19 | net none |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 819b8fe41..2e1947419 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -9,12 +9,14 @@ noblacklist ${HOME}/.config/digikam | |||
9 | noblacklist ${HOME}/.config/digikamrc | 9 | noblacklist ${HOME}/.config/digikamrc |
10 | noblacklist ${HOME}/.kde/share/apps/digikam | 10 | noblacklist ${HOME}/.kde/share/apps/digikam |
11 | noblacklist ${HOME}/.kde4/share/apps/digikam | 11 | noblacklist ${HOME}/.kde4/share/apps/digikam |
12 | noblacklist ${PICTURES} | ||
12 | 13 | ||
13 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
18 | 20 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
20 | 22 | ||
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc index 554e3a7d5..519f00afb 100644 --- a/etc/disable-xdg.inc +++ b/etc/disable-xdg.inc | |||
@@ -2,9 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-xdg.local | 3 | include /etc/firejail/disable-xdg.local |
4 | 4 | ||
5 | #blacklist ${DESKTOP} | ||
6 | blacklist ${DOCUMENTS} | 5 | blacklist ${DOCUMENTS} |
7 | #blacklist ${DOWNLOADS} | ||
8 | blacklist ${MUSIC} | 6 | blacklist ${MUSIC} |
9 | blacklist ${PICTURES} | 7 | blacklist ${PICTURES} |
10 | blacklist ${VIDEOS} | 8 | blacklist ${VIDEOS} |
9 | |||
10 | # The following should be considered catch-all directories | ||
11 | #blacklist ${DESKTOP} | ||
12 | #blacklist ${DOWNLOADS} | ||
diff --git a/etc/display.profile b/etc/display.profile index 01196f5ac..41a426375 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | ||
9 | |||
8 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
9 | noblacklist ${PATH}/python2* | 11 | noblacklist ${PATH}/python2* |
10 | noblacklist ${PATH}/python3* | 12 | noblacklist ${PATH}/python3* |
@@ -16,6 +18,7 @@ include /etc/firejail/disable-devel.inc | |||
16 | include /etc/firejail/disable-interpreters.inc | 18 | include /etc/firejail/disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | ||
19 | 22 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 23 | include /etc/firejail/whitelist-var-common.inc |
21 | 24 | ||
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 0971451c4..f8f593c83 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
18 | 19 | ||
19 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 20 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
20 | no3d | 21 | no3d |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index fc1209c1e..6d3bb920d 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
18 | 19 | ||
19 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid | 20 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid |
20 | no3d | 21 | no3d |
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 79514c373..a2606e7e1 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
17 | 18 | ||
diff --git a/etc/dragon.profile b/etc/dragon.profile index bdaa12e75..9d7bb5748 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/dragon.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/dragonplayerrc | 8 | noblacklist ${HOME}/.config/dragonplayerrc |
9 | noblacklist ${MUSIC} | ||
10 | noblacklist ${VIDEOS} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
17 | 20 | ||
diff --git a/etc/elinks.profile b/etc/elinks.profile index 6878c4fe0..61fbab3cc 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | caps.drop all | 19 | caps.drop all |
19 | netfilter | 20 | netfilter |
diff --git a/etc/enchant.profile b/etc/enchant.profile index a495122dc..5a4050102 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | caps.drop all | 17 | caps.drop all |
17 | netfilter | 18 | netfilter |
diff --git a/etc/enpass.profile b/etc/enpass.profile index 2ee7a97f6..3a30f8b04 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile | |||
@@ -4,13 +4,15 @@ include /etc/firejail/enpass.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include /etc/firejail/globals.local | 5 | include /etc/firejail/globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.config/Sinew Software Systems | ||
8 | noblacklist ${DOCUMENTS} | ||
9 | |||
7 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
8 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
9 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
12 | 15 | include /etc/firejail/disable-xdg.inc | |
13 | noblacklist ${HOME}/.config/Sinew Software Systems | ||
14 | 16 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
16 | 18 | ||
diff --git a/etc/evince.profile b/etc/evince.profile index 40de5b731..d4074d0aa 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/evince.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/evince | 8 | noblacklist ${HOME}/.config/evince |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 573099429..a5ddd3bf1 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/fbreader.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.FBReader | 8 | noblacklist ${HOME}/.FBReader |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index c80588a8b..e4e763099 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/fontforge.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.FontForge | 8 | noblacklist ${HOME}/.FontForge |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | noblacklist ${PATH}/python2* | 12 | noblacklist ${PATH}/python2* |
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc | |||
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | caps.drop all | 24 | caps.drop all |
23 | netfilter | 25 | netfilter |
diff --git a/etc/freecad.profile b/etc/freecad.profile index 9ea4e0f2b..8c714f37d 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/freecad.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/FreeCAD | 8 | noblacklist ${HOME}/.config/FreeCAD |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 36e354e3a..b8a297e84 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -7,10 +7,13 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/GIMP | 8 | noblacklist ${HOME}/.config/GIMP |
9 | noblacklist ${HOME}/.gimp* | 9 | noblacklist ${HOME}/.gimp* |
10 | noblacklist ${DOCUMENTS} | ||
11 | noblacklist ${PICTURES} | ||
10 | 12 | ||
11 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
14 | 17 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
16 | 19 | ||
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index 0df6b5e63..e414abf8c 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | caps.drop all | 17 | caps.drop all |
17 | netfilter | 18 | netfilter |
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile index e834e8ec7..f11ceacca 100644 --- a/etc/gnome-mpv.profile +++ b/etc/gnome-mpv.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/gnome-mpv.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/gnome-mpv | 8 | noblacklist ${HOME}/.config/gnome-mpv |
9 | noblacklist ${MUSIC} | ||
10 | noblacklist ${VIDEOS} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
17 | 20 | ||
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index eec61b8db..90fb9814f 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/gnome-music.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/gnome-music | 8 | noblacklist ${HOME}/.local/share/gnome-music |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | noblacklist ${PATH}/python2* | 12 | noblacklist ${PATH}/python2* |
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc | |||
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 24 | include /etc/firejail/whitelist-var-common.inc |
23 | 25 | ||
diff --git a/etc/goobox.profile b/etc/goobox.profile index ed7b4e761..5e5aad95b 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -5,12 +5,14 @@ include /etc/firejail/goobox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | caps.drop all | 17 | caps.drop all |
16 | netfilter | 18 | netfilter |
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index e7e3f828c..775c79521 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/guayadeque.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.guayadeque | 8 | noblacklist ${HOME}/.guayadeque |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 60a13af3a..db2e69f8a 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-interpreters.inc | 11 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | caps.drop all | 16 | caps.drop all |
16 | netfilter | 17 | netfilter |
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 6f2f3bf7f..e467eaeb5 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/handbrake.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ghb | 8 | noblacklist ${HOME}/.config/ghb |
9 | noblacklist ${MUSIC} | ||
10 | noblacklist ${VIDEOS} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
17 | 20 | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 0fb8b8704..712a09697 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.hashcat | 9 | noblacklist ${HOME}/.hashcat |
10 | noblacklist /usr/include | 10 | noblacklist /usr/include |
11 | noblacklist ${DOCUMENTS} | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | caps.drop all | 20 | caps.drop all |
19 | net none | 21 | net none |
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 0f5ca9d39..e709d488d 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -8,12 +8,15 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.cache/inkscape | 8 | noblacklist ${HOME}/.cache/inkscape |
9 | noblacklist ${HOME}/.config/inkscape | 9 | noblacklist ${HOME}/.config/inkscape |
10 | noblacklist ${HOME}/.inkscape | 10 | noblacklist ${HOME}/.inkscape |
11 | noblacklist ${DOCUMENTS} | ||
12 | noblacklist ${PICTURES} | ||
11 | 13 | ||
12 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
17 | 20 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
19 | 22 | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index ca23cedfa..81e538153 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
22 | 23 | ||
23 | caps.drop all | 24 | caps.drop all |
24 | net none | 25 | net none |
diff --git a/etc/k3b.profile b/etc/k3b.profile index 38ad97354..8474c490d 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.config/k3brc | 8 | noblacklist ${HOME}/.config/k3brc |
9 | noblacklist ${HOME}/.kde/share/config/k3brc | 9 | noblacklist ${HOME}/.kde/share/config/k3brc |
10 | noblacklist ${HOME}/.kde4/share/config/k3brc | 10 | noblacklist ${HOME}/.kde4/share/config/k3brc |
11 | noblacklist ${MUSIC} | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
19 | 21 | ||
diff --git a/etc/keepass.profile b/etc/keepass.profile index 03f27d3fa..7b0935030 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -12,12 +12,14 @@ noblacklist ${HOME}/.config/keepass | |||
12 | noblacklist ${HOME}/.keepass | 12 | noblacklist ${HOME}/.keepass |
13 | noblacklist ${HOME}/.local/share/KeePass | 13 | noblacklist ${HOME}/.local/share/KeePass |
14 | noblacklist ${HOME}/.local/share/keepass | 14 | noblacklist ${HOME}/.local/share/keepass |
15 | noblacklist ${DOCUMENTS} | ||
15 | 16 | ||
16 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | caps.drop all | 24 | caps.drop all |
23 | netfilter | 25 | netfilter |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 7a5e57d72..e749a1dfc 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -9,12 +9,14 @@ noblacklist ${HOME}/*.kdb | |||
9 | noblacklist ${HOME}/*.kdbx | 9 | noblacklist ${HOME}/*.kdbx |
10 | noblacklist ${HOME}/.config/keepassx | 10 | noblacklist ${HOME}/.config/keepassx |
11 | noblacklist ${HOME}/.keepassx | 11 | noblacklist ${HOME}/.keepassx |
12 | noblacklist ${DOCUMENTS} | ||
12 | 13 | ||
13 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
18 | 20 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
20 | 22 | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 0edb375b3..b7bcc7b87 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.config/keepassxc | |||
11 | noblacklist ${HOME}/.keepassxc | 11 | noblacklist ${HOME}/.keepassxc |
12 | # 2.2.4 needs this path when compiled with "Native messaging browser extension" | 12 | # 2.2.4 needs this path when compiled with "Native messaging browser extension" |
13 | noblacklist ${HOME}/.mozilla | 13 | noblacklist ${HOME}/.mozilla |
14 | noblacklist ${DOCUMENTS} | ||
14 | 15 | ||
15 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 18 | include /etc/firejail/disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | ||
20 | 22 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 23 | include /etc/firejail/whitelist-var-common.inc |
22 | 24 | ||
diff --git a/etc/kodi.profile b/etc/kodi.profile index 85058da3e..9726304cc 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
@@ -6,6 +6,9 @@ include /etc/firejail/kodi.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.kodi | 8 | noblacklist ${HOME}/.kodi |
9 | noblacklist ${MUSIC} | ||
10 | noblacklist ${PICTURES} | ||
11 | noblacklist ${VIDEOS} | ||
9 | 12 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | noblacklist ${PATH}/python2* | 14 | noblacklist ${PATH}/python2* |
@@ -18,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
18 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
21 | 25 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
23 | 27 | ||
diff --git a/etc/krita.profile b/etc/krita.profile index 01f7b6ff8..723a8623a 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
@@ -7,6 +7,8 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/kritarc | 8 | noblacklist ${HOME}/.config/kritarc |
9 | noblacklist ${HOME}/.local/share/krita | 9 | noblacklist ${HOME}/.local/share/krita |
10 | noblacklist ${DOCUMENTS} | ||
11 | noblacklist ${PICTURES} | ||
10 | 12 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | noblacklist ${PATH}/python2* | 14 | noblacklist ${PATH}/python2* |
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
22 | 25 | ||
23 | apparmor | 26 | apparmor |
24 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index e416a5591..3297be3b6 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -12,12 +12,14 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc | |||
12 | noblacklist ${HOME}/.config/katevirc | 12 | noblacklist ${HOME}/.config/katevirc |
13 | noblacklist ${HOME}/.config/kwriterc | 13 | noblacklist ${HOME}/.config/kwriterc |
14 | noblacklist ${HOME}/.local/share/kwrite | 14 | noblacklist ${HOME}/.local/share/kwrite |
15 | noblacklist ${DOCUMENTS} | ||
15 | 16 | ||
16 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 24 | include /etc/firejail/whitelist-var-common.inc |
23 | 25 | ||
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 4aafd7c7a..3caebf208 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | noblacklist ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | noblacklist ${DOCUMENTS} | ||
11 | 12 | ||
12 | # libreoffice uses java; if you don't care about java functionality, | 13 | # libreoffice uses java; if you don't care about java functionality, |
13 | # comment the next four lines | 14 | # comment the next four lines |
@@ -20,6 +21,7 @@ include /etc/firejail/disable-common.inc | |||
20 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
23 | 25 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
25 | 27 | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 1eef6db3b..ed893f53e 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -5,19 +5,21 @@ include /etc/firejail/lollypop.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/lollypop | ||
9 | noblacklist ${MUSIC} | ||
10 | |||
8 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
9 | noblacklist ${PATH}/python2* | 12 | noblacklist ${PATH}/python2* |
10 | noblacklist ${PATH}/python3* | 13 | noblacklist ${PATH}/python3* |
11 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
12 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
13 | 16 | ||
14 | noblacklist ${HOME}/.local/share/lollypop | ||
15 | |||
16 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
21 | 23 | ||
22 | caps.drop all | 24 | caps.drop all |
23 | netfilter | 25 | netfilter |
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 8104a2886..05a1c2bb5 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/luminance-hdr.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Luminance | 8 | noblacklist ${HOME}/.config/Luminance |
9 | noblacklist ${PICTURES} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 5962c7dc7..44aa0537b 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/xmms2 | 8 | noblacklist ${HOME}/.cache/xmms2 |
9 | noblacklist ${HOME}/.config/xmms2 | 9 | noblacklist ${HOME}/.config/xmms2 |
10 | noblacklist ${MUSIC} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
18 | 20 | ||
diff --git a/etc/lynx.profile b/etc/lynx.profile index ba5322787..0f4de2fee 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | caps.drop all | 17 | caps.drop all |
17 | netfilter | 18 | netfilter |
diff --git a/etc/mpd.profile b/etc/mpd.profile index 2ad520633..50ef915ce 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile | |||
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.config/mpd | 8 | noblacklist ${HOME}/.config/mpd |
9 | noblacklist ${HOME}/.mpd | 9 | noblacklist ${HOME}/.mpd |
10 | noblacklist ${HOME}/.mpdconf | 10 | noblacklist ${HOME}/.mpdconf |
11 | noblacklist ${MUSIC} | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | caps.drop all | 20 | caps.drop all |
19 | netfilter | 21 | netfilter |
diff --git a/etc/mpv.profile b/etc/mpv.profile index 18233c31b..93a574881 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
@@ -7,6 +7,8 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mpv | 8 | noblacklist ${HOME}/.config/mpv |
9 | noblacklist ${HOME}/.netrc | 9 | noblacklist ${HOME}/.netrc |
10 | noblacklist ${MUSIC} | ||
11 | noblacklist ${VIDEOS} | ||
10 | 12 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | noblacklist ${PATH}/python2* | 14 | noblacklist ${PATH}/python2* |
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
22 | 25 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
24 | 27 | ||
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 9ccdf60a8..632e3c66a 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -5,11 +5,14 @@ include /etc/firejail/mupdf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | ||
9 | |||
8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
13 | 16 | ||
14 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
15 | 18 | ||
diff --git a/etc/musescore.profile b/etc/musescore.profile index 5b07a59da..4e28051a4 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile | |||
@@ -9,12 +9,15 @@ noblacklist ${HOME}/.config/MusE | |||
9 | noblacklist ${HOME}/.config/MuseScore | 9 | noblacklist ${HOME}/.config/MuseScore |
10 | noblacklist ${HOME}/.local/share/data/MusE | 10 | noblacklist ${HOME}/.local/share/data/MusE |
11 | noblacklist ${HOME}/.local/share/data/MuseScore | 11 | noblacklist ${HOME}/.local/share/data/MuseScore |
12 | noblacklist ${DOCUMENTS} | ||
13 | noblacklist ${MUSIC} | ||
12 | 14 | ||
13 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 17 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | ||
18 | 21 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 22 | include /etc/firejail/whitelist-var-common.inc |
20 | 23 | ||
diff --git a/etc/obs.profile b/etc/obs.profile index 7529dd1bb..6d638e6e6 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
@@ -6,12 +6,16 @@ include /etc/firejail/obs.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/obs-studio | 8 | noblacklist ${HOME}/.config/obs-studio |
9 | noblacklist ${MUSIC} | ||
10 | noblacklist ${PICTURES} | ||
11 | noblacklist ${VIDEOS} | ||
9 | 12 | ||
10 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
15 | 19 | ||
16 | caps.drop all | 20 | caps.drop all |
17 | nodvd | 21 | nodvd |
diff --git a/etc/okular.profile b/etc/okular.profile index 50b69ceaf..8fe3b9354 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -15,12 +15,14 @@ noblacklist ${HOME}/.kde4/share/apps/okular | |||
15 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | 15 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
16 | noblacklist ${HOME}/.kde4/share/config/okularrc | 16 | noblacklist ${HOME}/.kde4/share/config/okularrc |
17 | noblacklist ${HOME}/.local/share/okular | 17 | noblacklist ${HOME}/.local/share/okular |
18 | noblacklist ${DOCUMENTS} | ||
18 | 19 | ||
19 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 22 | include /etc/firejail/disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 23 | include /etc/firejail/disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 24 | include /etc/firejail/disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | ||
24 | 26 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 27 | include /etc/firejail/whitelist-var-common.inc |
26 | 28 | ||
diff --git a/etc/orage.profile b/etc/orage.profile index 2ac420f05..89720ce34 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
16 | 17 | ||
17 | caps.drop all | 18 | caps.drop all |
18 | netfilter | 19 | netfilter |
diff --git a/etc/parole.profile b/etc/parole.profile index 36ae97726..f98703bd6 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -5,12 +5,15 @@ include /etc/firejail/parole.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | ||
9 | noblacklist ${VIDEOS} | ||
8 | 10 | ||
9 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
14 | 17 | ||
15 | caps.drop all | 18 | caps.drop all |
16 | netfilter | 19 | netfilter |
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index 8da5869e3..f6a615632 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile | |||
@@ -5,11 +5,14 @@ include /etc/firejail/pdfchain.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | ||
9 | |||
8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
13 | 16 | ||
14 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
15 | 18 | ||
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index aa674419d..2e3573121 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/pdfmod | 8 | noblacklist ${HOME}/.cache/pdfmod |
9 | noblacklist ${HOME}/.config/pdfmod | 9 | noblacklist ${HOME}/.config/pdfmod |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
18 | 20 | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index fbd7ec179..daae31338 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/pdfsam.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # Allow access to java | ||
9 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist ${DOCUMENTS} | ||
10 | 10 | ||
11 | # Allow access to java | 11 | # Allow access to java |
12 | noblacklist ${PATH}/java | 12 | noblacklist ${PATH}/java |
@@ -19,6 +19,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 19 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | ||
22 | 23 | ||
23 | caps.drop all | 24 | caps.drop all |
24 | machine-id | 25 | machine-id |
diff --git a/etc/peek.profile b/etc/peek.profile index 5d5a32b8a..edc43d006 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/peek.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/peek | 8 | noblacklist ${HOME}/.cache/peek |
9 | noblacklist ${PICTURES} | ||
10 | noblacklist ${VIDEOS} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | caps.drop all | 19 | caps.drop all |
17 | net none | 20 | net none |
diff --git a/etc/picard.profile b/etc/picard.profile index 484b0e6b2..4031d51f5 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/MusicBrainz | 8 | noblacklist ${HOME}/.cache/MusicBrainz |
9 | noblacklist ${HOME}/.config/MusicBrainz | 9 | noblacklist ${HOME}/.config/MusicBrainz |
10 | noblacklist ${MUSIC} | ||
10 | 11 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | noblacklist ${PATH}/python2* | 13 | noblacklist ${PATH}/python2* |
@@ -19,6 +20,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 20 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | ||
22 | 24 | ||
23 | caps.drop all | 25 | caps.drop all |
24 | no3d | 26 | no3d |
diff --git a/etc/ping.profile b/etc/ping.profile index d014fb82c..8fd315e44 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-interpreters.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/whitelist-common.inc | 14 | include /etc/firejail/whitelist-common.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | caps.keep net_raw | 17 | caps.keep net_raw |
17 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/pinta.profile b/etc/pinta.profile index 010de0d3e..335659430 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
@@ -6,12 +6,15 @@ include /etc/firejail/pinta.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Pinta | 8 | noblacklist ${HOME}/.config/Pinta |
9 | noblacklist ${DOCUMENTS} | ||
10 | noblacklist ${PICTURES} | ||
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
15 | 18 | ||
16 | caps.drop all | 19 | caps.drop all |
17 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/pithos.profile b/etc/pithos.profile index c7eac0d53..7f0ba56b8 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc | |||
16 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
19 | 20 | ||
20 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
21 | 22 | ||
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index e19a7b42a..073108464 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/ppsspp.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ppsspp | 8 | noblacklist ${HOME}/.config/ppsspp |
9 | noblacklist ${DOCUMENTS} | ||
9 | # with >=llvm-4 mesa drivers need llvm stuff | 10 | # with >=llvm-4 mesa drivers need llvm stuff |
10 | noblacklist /usr/lib/llvm* | 11 | noblacklist /usr/lib/llvm* |
11 | 12 | ||
@@ -14,6 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
19 | 21 | ||
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 079270909..a99825a0c 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | caps.drop all | 17 | caps.drop all |
17 | netfilter | 18 | netfilter |
diff --git a/etc/qmmp.profile b/etc/qmmp.profile index 2382e9453..5c3873b7f 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile | |||
@@ -6,11 +6,13 @@ include /etc/firejail/qmmp.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.qmmp | 8 | noblacklist ${HOME}/.qmmp |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | caps.drop all | 17 | caps.drop all |
16 | netfilter | 18 | netfilter |
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index e422d2196..6057bf4f1 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/qpdfview | 8 | noblacklist ${HOME}/.config/qpdfview |
9 | noblacklist ${HOME}/.local/share/qpdfview | 9 | noblacklist ${HOME}/.local/share/qpdfview |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
18 | 20 | ||
diff --git a/etc/remmina.profile b/etc/remmina.profile index 50746c60e..71f4bb94f 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
18 | 19 | ||
19 | caps.drop all | 20 | caps.drop all |
20 | nodvd | 21 | nodvd |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 57e1ce5f0..ca06845a5 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/rhythmbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
@@ -12,6 +13,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | #include /etc/firejail/disable-interpreters.inc | 13 | #include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 756bd99eb..8a369be7e 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile | |||
@@ -6,11 +6,13 @@ include /etc/firejail/sayonara.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Sayonara | 8 | noblacklist ${HOME}/.Sayonara |
9 | noblacklist ${MUSIC} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | caps.drop all | 17 | caps.drop all |
16 | netfilter | 18 | netfilter |
diff --git a/etc/scallion.profile b/etc/scallion.profile index 645f0423c..35cd04f8f 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile | |||
@@ -10,11 +10,13 @@ noblacklist ${PATH}/llvm* | |||
10 | noblacklist /usr/lib/llvm* | 10 | noblacklist /usr/lib/llvm* |
11 | noblacklist ${PATH}/openssl | 11 | noblacklist ${PATH}/openssl |
12 | noblacklist ${PATH}/openssl-1.0 | 12 | noblacklist ${PATH}/openssl-1.0 |
13 | noblacklist ${DOCUMENTS} | ||
13 | 14 | ||
14 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
18 | 20 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
20 | 22 | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile index c7c8ca72c..f08c57c1b 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -22,6 +22,8 @@ noblacklist ${HOME}/.kde4/share/config/okularrc | |||
22 | noblacklist ${HOME}/.local/share/okular | 22 | noblacklist ${HOME}/.local/share/okular |
23 | noblacklist ${HOME}/.local/share/scribus | 23 | noblacklist ${HOME}/.local/share/scribus |
24 | noblacklist ${HOME}/.scribus | 24 | noblacklist ${HOME}/.scribus |
25 | noblacklist ${DOCUMENTS} | ||
26 | noblacklist ${PICTURES} | ||
25 | 27 | ||
26 | # Allow python (blacklisted by disable-interpreters.inc) | 28 | # Allow python (blacklisted by disable-interpreters.inc) |
27 | noblacklist ${PATH}/python2* | 29 | noblacklist ${PATH}/python2* |
@@ -34,6 +36,7 @@ include /etc/firejail/disable-devel.inc | |||
34 | include /etc/firejail/disable-interpreters.inc | 36 | include /etc/firejail/disable-interpreters.inc |
35 | include /etc/firejail/disable-passwdmgr.inc | 37 | include /etc/firejail/disable-passwdmgr.inc |
36 | include /etc/firejail/disable-programs.inc | 38 | include /etc/firejail/disable-programs.inc |
39 | include /etc/firejail/disable-xdg.inc | ||
37 | 40 | ||
38 | include /etc/firejail/whitelist-var-common.inc | 41 | include /etc/firejail/whitelist-var-common.inc |
39 | 42 | ||
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index fbe1b2de5..e318dd568 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc | |||
17 | include /etc/firejail/disable-interpreters.inc | 17 | include /etc/firejail/disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | ||
20 | 21 | ||
21 | caps.drop all | 22 | caps.drop all |
22 | net none | 23 | net none |
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index c83c56798..0fa19e610 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-common.inc | |||
11 | include /etc/firejail/disable-interpreters.inc | 11 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
16 | 17 | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 02c7cc6ed..3e8a4e41b 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/simple-scan.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/simple-scan | 8 | noblacklist ${HOME}/.cache/simple-scan |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index ee027bf51..5bac0a90d 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -5,11 +5,14 @@ include /etc/firejail/skanlite.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | ||
9 | |||
8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
13 | 16 | ||
14 | caps.drop all | 17 | caps.drop all |
15 | # net none | 18 | # net none |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 63c13ff37..2e792d891 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
@@ -7,12 +7,15 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/smplayer | 8 | noblacklist ${HOME}/.config/smplayer |
9 | noblacklist ${HOME}/.mplayer | 9 | noblacklist ${HOME}/.mplayer |
10 | noblacklist ${MUSIC} | ||
11 | noblacklist ${VIDEOS} | ||
10 | 12 | ||
11 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
16 | 19 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
18 | 21 | ||
diff --git a/etc/smtube.profile b/etc/smtube.profile index 040a7c754..67de1490c 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile | |||
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.config/mpv | |||
11 | noblacklist ${HOME}/.mplayer | 11 | noblacklist ${HOME}/.mplayer |
12 | noblacklist ${HOME}/.config/vlc | 12 | noblacklist ${HOME}/.config/vlc |
13 | noblacklist ${HOME}/.local/share/vlc | 13 | noblacklist ${HOME}/.local/share/vlc |
14 | noblacklist ${VIDEOS} | ||
14 | 15 | ||
15 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 18 | include /etc/firejail/disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | ||
20 | 22 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 23 | include /etc/firejail/whitelist-var-common.inc |
22 | 24 | ||
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index b15ba266b..a7c8dfce6 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/soundconverter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | ||
9 | |||
8 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
9 | noblacklist ${PATH}/python2* | 11 | noblacklist ${PATH}/python2* |
10 | noblacklist ${PATH}/python3* | 12 | noblacklist ${PATH}/python3* |
@@ -16,6 +18,7 @@ include /etc/firejail/disable-devel.inc | |||
16 | include /etc/firejail/disable-interpreters.inc | 18 | include /etc/firejail/disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | ||
19 | 22 | ||
20 | caps.drop all | 23 | caps.drop all |
21 | net none | 24 | net none |
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 7bb7080e3..5fee722bf 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/sqlitebrowser.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/sqlitebrowser | 8 | noblacklist ${HOME}/.config/sqlitebrowser |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | caps.drop all | 18 | caps.drop all |
17 | net none | 19 | net none |
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index e7eb01eb5..fe9760ad4 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-interpreters.inc | 11 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
16 | 17 | ||
diff --git a/etc/tor.profile b/etc/tor.profile index e37fd232c..cbe932104 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
21 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
24 | 25 | ||
25 | caps.keep setuid,setgid,net_bind_service,dac_read_search | 26 | caps.keep setuid,setgid,net_bind_service,dac_read_search |
26 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/totem.profile b/etc/totem.profile index 0b9252d6c..3ac25440b 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -7,12 +7,15 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/totem | 8 | noblacklist ${HOME}/.config/totem |
9 | noblacklist ${HOME}/.local/share/totem | 9 | noblacklist ${HOME}/.local/share/totem |
10 | noblacklist ${MUSIC} | ||
11 | noblacklist ${VIDEOS} | ||
10 | 12 | ||
11 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
16 | 19 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
18 | 21 | ||
diff --git a/etc/uefitool.profile b/etc/uefitool.profile index 70d694ac9..d4016d061 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile | |||
@@ -5,11 +5,14 @@ include /etc/firejail/uefitool.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | ||
9 | |||
8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
13 | 16 | ||
14 | caps.drop all | 17 | caps.drop all |
15 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/unbound.profile b/etc/unbound.profile index 35bda2edc..3d7ca7285 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
18 | 19 | ||
19 | whitelist /var/lib/unbound | 20 | whitelist /var/lib/unbound |
20 | whitelist /var/run | 21 | whitelist /var/run |
diff --git a/etc/viking.profile b/etc/viking.profile index fa87b915c..a5a01f544 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.viking | 8 | noblacklist ${HOME}/.viking |
9 | noblacklist ${HOME}/.viking-maps | 9 | noblacklist ${HOME}/.viking-maps |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | caps.drop all | 19 | caps.drop all |
18 | netfilter | 20 | netfilter |
diff --git a/etc/vlc.profile b/etc/vlc.profile index bda027aaa..41f482d49 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -8,12 +8,15 @@ include /etc/firejail/globals.local | |||
8 | noblacklist ${HOME}/.cache/vlc | 8 | noblacklist ${HOME}/.cache/vlc |
9 | noblacklist ${HOME}/.config/vlc | 9 | noblacklist ${HOME}/.config/vlc |
10 | noblacklist ${HOME}/.local/share/vlc | 10 | noblacklist ${HOME}/.local/share/vlc |
11 | noblacklist ${MUSIC} | ||
12 | noblacklist ${VIDEOS} | ||
11 | 13 | ||
12 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 16 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | ||
17 | 20 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
19 | 22 | ||
diff --git a/etc/w3m.profile b/etc/w3m.profile index bfc7874cf..22843ca54 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | caps.drop all | 19 | caps.drop all |
19 | netfilter | 20 | netfilter |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 8ab672279..2b597ba35 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/wireshark | 8 | noblacklist ${HOME}/.config/wireshark |
9 | noblacklist ${HOME}/.wireshark | 9 | noblacklist ${HOME}/.wireshark |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | # Wireshark can use Lua for scripting | 12 | # Wireshark can use Lua for scripting |
12 | noblacklist ${PATH}/lua* | 13 | noblacklist ${PATH}/lua* |
@@ -19,6 +20,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 20 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | ||
22 | 24 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 25 | include /etc/firejail/whitelist-var-common.inc |
24 | 26 | ||
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index 9e68ab17d..dd7c66523 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
@@ -10,6 +10,7 @@ include /etc/firejail/disable-devel.inc | |||
10 | include /etc/firejail/disable-interpreters.inc | 10 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | include /etc/firejail/disable-xdg.inc | ||
13 | 14 | ||
14 | include /etc/firejail/whitelist-var-common.inc | 15 | include /etc/firejail/whitelist-var-common.inc |
15 | 16 | ||
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index ec98d8557..7a445f6a5 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
16 | 17 | ||
17 | mkdir ${HOME}/.xmr-stak | 18 | mkdir ${HOME}/.xmr-stak |
18 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index e61e9f5a8..b689ccb25 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/xpdf.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xpdfrc | 8 | noblacklist ${HOME}/.xpdfrc |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 965517293..fcb0a8a52 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -7,6 +7,8 @@ include /etc/firejail/youtube-dl.local | |||
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.netrc | 9 | noblacklist ${HOME}/.netrc |
10 | noblacklist ${MUSIC} | ||
11 | noblacklist ${VIDEOS} | ||
10 | 12 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | noblacklist ${PATH}/python2* | 14 | noblacklist ${PATH}/python2* |
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc | |||
19 | include /etc/firejail/disable-interpreters.inc | 21 | include /etc/firejail/disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
22 | 25 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
24 | 27 | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 6cdbbe99b..baeca8d19 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/zathura | 8 | noblacklist ${HOME}/.config/zathura |
9 | noblacklist ${HOME}/.local/share/zathura | 9 | noblacklist ${HOME}/.local/share/zathura |
10 | noblacklist ${DOCUMENTS} | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
16 | 18 | ||
17 | caps.drop all | 19 | caps.drop all |
18 | machine-id | 20 | machine-id |