aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2019-03-12 23:45:13 +0100
committerLibravatar smitsohu <smitsohu@gmail.com>2019-03-12 23:45:13 +0100
commit1862d24fd9990bfc61f9ae9710f089b3d8038427 (patch)
tree5ac042c886e49d7cd975af2b6cdb8b4827270fd1 /etc
parentadd disable-exec.inc to all profiles with apparmor (#2576) (diff)
downloadfirejail-1862d24fd9990bfc61f9ae9710f089b3d8038427.tar.gz
firejail-1862d24fd9990bfc61f9ae9710f089b3d8038427.tar.zst
firejail-1862d24fd9990bfc61f9ae9710f089b3d8038427.zip
add disable-exec.inc to few more profiles
Diffstat (limited to 'etc')
-rw-r--r--etc/baloo_file.profile4
-rw-r--r--etc/default.profile4
-rw-r--r--etc/keepassx.profile3
-rw-r--r--etc/keepassxc.profile3
-rw-r--r--etc/kget.profile3
-rw-r--r--etc/konversation.profile3
-rw-r--r--etc/ktorrent.profile3
-rw-r--r--etc/kwin_x11.profile4
-rw-r--r--etc/mupdf.profile1
-rw-r--r--etc/musescore.profile4
-rw-r--r--etc/qpdfview.profile3
-rw-r--r--etc/torbrowser-launcher.profile5
12 files changed, 15 insertions, 25 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 176d8cae7..f46987cc7 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -19,6 +19,7 @@ noblacklist ${HOME}/.local/share/baloo
19 19
20include disable-common.inc 20include disable-common.inc
21include disable-devel.inc 21include disable-devel.inc
22include disable-exec.inc
22include disable-interpreters.inc 23include disable-interpreters.inc
23include disable-passwdmgr.inc 24include disable-passwdmgr.inc
24include disable-programs.inc 25include disable-programs.inc
@@ -46,6 +47,3 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb
46private-cache 47private-cache
47private-dev 48private-dev
48private-tmp 49private-tmp
49
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/default.profile b/etc/default.profile
index 917e42287..efa66d5db 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -10,11 +10,13 @@ include globals.local
10 10
11include disable-common.inc 11include disable-common.inc
12# include disable-devel.inc 12# include disable-devel.inc
13# include disable-exec.inc
13# include disable-interpreters.inc 14# include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
16#include disable-xdg.inc 17#include disable-xdg.inc
17 18
19# apparmor
18caps.drop all 20caps.drop all
19# ipc-namespace 21# ipc-namespace
20netfilter 22netfilter
@@ -42,5 +44,3 @@ seccomp
42# private-tmp 44# private-tmp
43 45
44# memory-deny-write-execute 46# memory-deny-write-execute
45# noexec ${HOME}
46# noexec /tmp
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 357eb435d..44e9c67bb 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -14,6 +14,7 @@ noblacklist ${DOCUMENTS}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -45,5 +46,3 @@ private-etc alternatives,fonts,machine-id
45private-tmp 46private-tmp
46 47
47memory-deny-write-execute 48memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index f0546beda..33b4509b7 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -16,6 +16,7 @@ noblacklist ${DOCUMENTS}
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
19include disable-exec.inc
19include disable-interpreters.inc 20include disable-interpreters.inc
20include disable-passwdmgr.inc 21include disable-passwdmgr.inc
21include disable-programs.inc 22include disable-programs.inc
@@ -47,8 +48,6 @@ private-tmp
47 48
48# 2.2.4 crashes on database open 49# 2.2.4 crashes on database open
49# memory-deny-write-execute 50# memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
52 51
53# Mutex is stored in /tmp by default, which is broken by private-tmp 52# Mutex is stored in /tmp by default, which is broken by private-tmp
54join-or-start keepassxc 53join-or-start keepassxc
diff --git a/etc/kget.profile b/etc/kget.profile
index 2ef84a0ee..485edc1a4 100644
--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/kget
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
38private-tmp 39private-tmp
39 40
40# memory-deny-write-execute 41# memory-deny-write-execute
41noexec ${HOME}
42noexec /tmp
diff --git a/etc/konversation.profile b/etc/konversation.profile
index 03c51ccce..19174459c 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde4/share/config/konversationrc
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
39private-tmp 40private-tmp
40 41
41# memory-deny-write-execute 42# memory-deny-write-execute
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 7b7571176..f30a1b7e6 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/ktorrent
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -57,5 +58,3 @@ private-dev
57private-tmp 58private-tmp
58 59
59# memory-deny-write-execute 60# memory-deny-write-execute
60noexec ${HOME}
61noexec /tmp
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index 834f6f2dd..ee07636d3 100644
--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/kwin
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -39,6 +40,3 @@ private-bin kwin_x11
39private-dev 40private-dev
40private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg 41private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
41private-tmp 42private-tmp
42
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index c1d4f2cbe..1f2afa5f0 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -10,6 +10,7 @@ noblacklist ${DOCUMENTS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 5f009c681..9750a31f4 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -15,6 +15,7 @@ noblacklist ${MUSIC}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -38,6 +39,3 @@ tracelog
38 39
39# private-bin musescore,mscore 40# private-bin musescore,mscore
40private-tmp 41private-tmp
41
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 06598c769..6cb3fe4cd 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
39private-tmp 40private-tmp
40 41
41memory-deny-write-execute 42memory-deny-write-execute
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 2b1cc6549..e45b335c8 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -6,6 +6,8 @@ include torbrowser-launcher.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9ignore noexec ${HOME}
10
9noblacklist ${HOME}/.config/torbrowser 11noblacklist ${HOME}/.config/torbrowser
10noblacklist ${HOME}/.local/share/torbrowser 12noblacklist ${HOME}/.local/share/torbrowser
11 13
@@ -17,6 +19,7 @@ noblacklist /usr/lib/python3*
17 19
18include disable-common.inc 20include disable-common.inc
19include disable-devel.inc 21include disable-devel.inc
22include disable-exec.inc
20include disable-interpreters.inc 23include disable-interpreters.inc
21include disable-passwdmgr.inc 24include disable-passwdmgr.inc
22include disable-programs.inc 25include disable-programs.inc
@@ -51,5 +54,3 @@ private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,r
51private-dev 54private-dev
52private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache 55private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
53private-tmp 56private-tmp
54
55noexec /tmp
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-28 19:00:09 +0000