aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar Reiner Herrmann <reiner@reiner-h.de>2020-12-29 23:55:53 +0100
committerLibravatar GitHub <noreply@github.com>2020-12-29 23:55:53 +0100
commit14c9b3199bd986d09793d0347aad9289b934cef8 (patch)
tree2d6fcbb27d7f5ac7fa92ac3fd01313edceaa5590 /etc
parentOn Debian/Ubunbtu microsoft-edge redirects to dev-channel right now (diff)
parentMerge pull request #3847 from bbhtt/small_fixes (diff)
downloadfirejail-14c9b3199bd986d09793d0347aad9289b934cef8.tar.gz
firejail-14c9b3199bd986d09793d0347aad9289b934cef8.tar.zst
firejail-14c9b3199bd986d09793d0347aad9289b934cef8.zip
Merge branch 'master' into browsers
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/disable-programs.inc5
-rw-r--r--etc/profile-a-l/alacarte.profile2
-rw-r--r--etc/profile-a-l/element-desktop.profile5
-rw-r--r--etc/profile-a-l/feh.profile1
-rw-r--r--etc/profile-a-l/keepassxc.profile7
-rw-r--r--etc/profile-a-l/links.profile1
-rw-r--r--etc/profile-a-l/lynx.profile1
-rw-r--r--etc/profile-m-z/matrix-mirage.profile24
-rw-r--r--etc/profile-m-z/mirage.profile3
-rw-r--r--etc/profile-m-z/nheko.profile18
-rw-r--r--etc/profile-m-z/spectral.profile4
11 files changed, 62 insertions, 9 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index fe0f96857..7ab11e620 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -303,6 +303,7 @@ blacklist ${HOME}/.config/mana
303blacklist ${HOME}/.config/mate-calc 303blacklist ${HOME}/.config/mate-calc
304blacklist ${HOME}/.config/mate/eom 304blacklist ${HOME}/.config/mate/eom
305blacklist ${HOME}/.config/mate/mate-dictionary 305blacklist ${HOME}/.config/mate/mate-dictionary
306blacklist ${HOME}/.config/matrix-mirage
306blacklist ${HOME}/.config/meld 307blacklist ${HOME}/.config/meld
307blacklist ${HOME}/.config/meteo-qt 308blacklist ${HOME}/.config/meteo-qt
308blacklist ${HOME}/.config/menulibre.cfg 309blacklist ${HOME}/.config/menulibre.cfg
@@ -673,6 +674,7 @@ blacklist ${HOME}/.local/share/lugaru
673blacklist ${HOME}/.local/share/lutris 674blacklist ${HOME}/.local/share/lutris
674blacklist ${HOME}/.local/share/mana 675blacklist ${HOME}/.local/share/mana
675blacklist ${HOME}/.local/share/maps-places.json 676blacklist ${HOME}/.local/share/maps-places.json
677blacklist ${HOME}/.local/share/matrix-mirage
676blacklist ${HOME}/.local/share/meld 678blacklist ${HOME}/.local/share/meld
677blacklist ${HOME}/.local/share/midori 679blacklist ${HOME}/.local/share/midori
678blacklist ${HOME}/.local/share/mirage 680blacklist ${HOME}/.local/share/mirage
@@ -946,6 +948,7 @@ blacklist ${HOME}/.cache/librewolf
946blacklist ${HOME}/.cache/liferea 948blacklist ${HOME}/.cache/liferea
947blacklist ${HOME}/.cache/lutris 949blacklist ${HOME}/.cache/lutris
948blacklist ${HOME}/.cache/Mendeley Ltd. 950blacklist ${HOME}/.cache/Mendeley Ltd.
951blacklist ${HOME}/.cache/matrix-mirage
949blacklist ${HOME}/.cache/microsoft-edge-dev 952blacklist ${HOME}/.cache/microsoft-edge-dev
950blacklist ${HOME}/.cache/midori 953blacklist ${HOME}/.cache/midori
951blacklist ${HOME}/.cache/minetest 954blacklist ${HOME}/.cache/minetest
@@ -962,7 +965,7 @@ blacklist ${HOME}/.cache/ms-skype-online
962blacklist ${HOME}/.cache/ms-word-online 965blacklist ${HOME}/.cache/ms-word-online
963blacklist ${HOME}/.cache/mutt 966blacklist ${HOME}/.cache/mutt
964blacklist ${HOME}/.cache/mypaint 967blacklist ${HOME}/.cache/mypaint
965blacklist ${HOME}/.cache/nheko/nheko 968blacklist ${HOME}/.cache/nheko
966blacklist ${HOME}/.cache/netsurf 969blacklist ${HOME}/.cache/netsurf
967blacklist ${HOME}/.cache/okular 970blacklist ${HOME}/.cache/okular
968blacklist ${HOME}/.cache/opera 971blacklist ${HOME}/.cache/opera
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index 8f7640ffe..98188d2a7 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -49,7 +49,7 @@ shell none
49tracelog 49tracelog
50 50
51disable-mnt 51disable-mnt
52private-bin alacarte,bash,python*,sh 52# private-bin alacarte,bash,python*,sh
53private-cache 53private-cache
54private-dev 54private-dev
55private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg 55private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index 2d56369cd..48a826f2e 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -7,6 +7,8 @@ include element-desktop.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10ignore dbus-user none
11
10noblacklist ${HOME}/.config/Element 12noblacklist ${HOME}/.config/Element
11 13
12mkdir ${HOME}/.config/Element 14mkdir ${HOME}/.config/Element
@@ -15,5 +17,8 @@ whitelist /opt/Element
15 17
16private-opt Element 18private-opt Element
17 19
20dbus-user filter
21dbus-user.talk org.freedesktop.secrets
22
18# Redirect 23# Redirect
19include riot-desktop.profile 24include riot-desktop.profile
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
index 3ee07e559..8ac7755de 100644
--- a/etc/profile-a-l/feh.profile
+++ b/etc/profile-a-l/feh.profile
@@ -1,6 +1,7 @@
1# Firejail profile for feh 1# Firejail profile for feh
2# Description: imlib2 based image viewer 2# Description: imlib2 based image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet
4# Persistent local customizations 5# Persistent local customizations
5include feh.local 6include feh.local
6# Persistent global definitions 7# Persistent global definitions
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 58db056b2..456f1820d 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -73,12 +73,11 @@ dbus-user.talk org.freedesktop.login1.Session
73dbus-user.talk org.gnome.ScreenSaver 73dbus-user.talk org.gnome.ScreenSaver
74dbus-user.talk org.gnome.SessionManager 74dbus-user.talk org.gnome.SessionManager
75dbus-user.talk org.gnome.SessionManager.Presence 75dbus-user.talk org.gnome.SessionManager.Presence
76# Uncomment or add to your keepassxc.local to allow Notifications/Tray. 76# Uncomment or add to your keepassxc.local to allow Notifications.
77#dbus-user.talk org.freedesktop.Notifications 77#dbus-user.talk org.freedesktop.Notifications
78# Uncomment or add to your keepassxc.local to allow Tray.
78#dbus-user.talk org.kde.StatusNotifierWatcher 79#dbus-user.talk org.kde.StatusNotifierWatcher
79# These numbers seems to be not stable, see #3713. Play around with them. 80#dbus-user.own org.kde.*
80#dbus-user.own org.kde.StatusNotifierItem-2-2
81#dbus-user.own org.kde.StatusNotifierItem-10-2
82dbus-system none 81dbus-system none
83 82
84# Mutex is stored in /tmp by default, which is broken by private-tmp 83# Mutex is stored in /tmp by default, which is broken by private-tmp
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index b2f94d3cf..ccc77f274 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -1,6 +1,7 @@
1# Firejail profile for links 1# Firejail profile for links
2# Description: Text WWW browser 2# Description: Text WWW browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet
4# Persistent local customizations 5# Persistent local customizations
5include links.local 6include links.local
6# Persistent global definitions 7# Persistent global definitions
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index dbd0a61e5..76a0e7ed0 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -1,6 +1,7 @@
1# Firejail profile for lynx 1# Firejail profile for lynx
2# Description: Classic non-graphical (text-mode) web browser 2# Description: Classic non-graphical (text-mode) web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet
4# Persistent local customizations 5# Persistent local customizations
5include lynx.local 6include lynx.local
6# Persistent global definitions 7# Persistent global definitions
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile
new file mode 100644
index 000000000..b3080df88
--- /dev/null
+++ b/etc/profile-m-z/matrix-mirage.profile
@@ -0,0 +1,24 @@
1# Firejail profile for matrix-mirage
2# Description: Debian name for mirage binary/package
3# This file is overwritten after every install/update
4# Persistent local customizations
5include matrix-mirage.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
9
10noblacklist ${HOME}/.cache/matrix-mirage
11noblacklist ${HOME}/.config/matrix-mirage
12noblacklist ${HOME}/.local/share/matrix-mirage
13
14mkdir ${HOME}/.cache/matrix-mirage
15mkdir ${HOME}/.config/matrix-mirage
16mkdir ${HOME}/.local/share/matrix-mirage
17whitelist ${HOME}/.cache/matrix-mirage
18whitelist ${HOME}/.config/matrix-mirage
19whitelist ${HOME}/.local/share/matrix-mirage
20
21private-bin matrix-mirage
22
23# Redirect
24include mirage.profile
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index 55c11be29..7130267e8 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -9,6 +9,7 @@ include globals.local
9noblacklist ${HOME}/.cache/mirage 9noblacklist ${HOME}/.cache/mirage
10noblacklist ${HOME}/.config/mirage 10noblacklist ${HOME}/.config/mirage
11noblacklist ${HOME}/.local/share/mirage 11noblacklist ${HOME}/.local/share/mirage
12noblacklist /sbin
12 13
13include allow-python2.inc 14include allow-python2.inc
14include allow-python3.inc 15include allow-python3.inc
@@ -49,7 +50,7 @@ shell none
49tracelog 50tracelog
50 51
51disable-mnt 52disable-mnt
52private-bin mirage 53private-bin ldconfig,mirage
53private-cache 54private-cache
54private-dev 55private-dev
55private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 56private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 701098f4b..42e7e92fc 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -7,7 +7,7 @@ include nheko.local
7include globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/nheko 9noblacklist ${HOME}/.config/nheko
10noblacklist ${HOME}/.cache/nheko/nheko 10noblacklist ${HOME}/.cache/nheko
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -16,14 +16,19 @@ include disable-interpreters.inc
16include disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-xdg.inc
19 20
20mkdir ${HOME}/.config/nheko 21mkdir ${HOME}/.config/nheko
21mkdir ${HOME}/.cache/nheko/nheko 22mkdir ${HOME}/.cache/nheko/nheko
22whitelist ${HOME}/.config/nheko 23whitelist ${HOME}/.config/nheko
23whitelist ${HOME}/.cache/nheko/nheko 24whitelist ${HOME}/.cache/nheko
24whitelist ${DOWNLOADS} 25whitelist ${DOWNLOADS}
25include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc
26 30
31apparmor
27caps.drop all 32caps.drop all
28netfilter 33netfilter
29nodvd 34nodvd
@@ -38,5 +43,14 @@ tracelog
38 43
39disable-mnt 44disable-mnt
40private-bin nheko 45private-bin nheko
46private-cache
47private-dev
48private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
41private-tmp 49private-tmp
42 50
51dbus-user none
52# Comment the above line and uncomment below lines for notification popups
53# dbus-user filter
54# dbus-user.talk org.freedesktop.Notifications
55# dbus-user.talk org.kde.StatusNotifierWatcher
56dbus-system none
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 66e917432..093661d8c 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -50,4 +50,8 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,
50private-tmp 50private-tmp
51 51
52dbus-user none 52dbus-user none
53# Comment the above line and uncomment below lines for notification popups
54# dbus-user filter
55# dbus-user.talk org.freedesktop.Notifications
56# dbus-user.talk org.kde.StatusNotifierWatcher
53dbus-system none 57dbus-system none
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-28 17:39:39 +0000