diff options
| author |  smitsohu <smitsohu@gmail.com> | 2022-03-11 15:44:00 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2022-03-11 15:44:00 +0100 |
| commit | 255fdb1c7f75f00f0560c614bd986f086a5253cb (patch) | |
| tree | 50a4b8a7ed6daa8c67006b5498ed86d1788c83aa /etc | |
| parent | merge (diff) | |
| parent | Merge pull request #5013 from rusty-snake/scala (diff) | |
| download | firejail-255fdb1c7f75f00f0560c614bd986f086a5253cb.tar.gz firejail-255fdb1c7f75f00f0560c614bd986f086a5253cb.tar.zst firejail-255fdb1c7f75f00f0560c614bd986f086a5253cb.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/disable-common.inc | 3 | ||||
| -rw-r--r-- | etc/inc/disable-devel.inc | 7 | ||||
| -rw-r--r-- | etc/inc/disable-programs.inc | 5 | ||||
| -rw-r--r-- | etc/profile-m-z/steam.profile | 6 |
4 files changed, 20 insertions, 1 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 43332b4d0..2e2f6c429 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
| @@ -9,7 +9,9 @@ blacklist ${HOME}/.local/share/Trash | |||
| 9 | 9 | ||
| 10 | # History files in $HOME and clipboard managers | 10 | # History files in $HOME and clipboard managers |
| 11 | blacklist-nolog ${HOME}/.*_history | 11 | blacklist-nolog ${HOME}/.*_history |
| 12 | blacklist-nolog ${HOME}/.*_history_* | ||
| 12 | blacklist-nolog ${HOME}/.adobe | 13 | blacklist-nolog ${HOME}/.adobe |
| 14 | blacklist-nolog ${HOME}/.ammonite/history | ||
| 13 | blacklist-nolog ${HOME}/.cache/greenclip* | 15 | blacklist-nolog ${HOME}/.cache/greenclip* |
| 14 | blacklist-nolog ${HOME}/.histfile | 16 | blacklist-nolog ${HOME}/.histfile |
| 15 | blacklist-nolog ${HOME}/.history | 17 | blacklist-nolog ${HOME}/.history |
| @@ -360,6 +362,7 @@ read-only ${HOME}/.bin | |||
| 360 | read-only ${HOME}/.cargo/bin | 362 | read-only ${HOME}/.cargo/bin |
| 361 | read-only ${HOME}/.gem | 363 | read-only ${HOME}/.gem |
| 362 | read-only ${HOME}/.local/bin | 364 | read-only ${HOME}/.local/bin |
| 365 | read-only ${HOME}/.local/share/coursier/bin | ||
| 363 | read-only ${HOME}/.luarocks | 366 | read-only ${HOME}/.luarocks |
| 364 | read-only ${HOME}/.npm-packages | 367 | read-only ${HOME}/.npm-packages |
| 365 | read-only ${HOME}/.nvm | 368 | read-only ${HOME}/.nvm |
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index 98bf5ecc8..360077936 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc | |||
| @@ -41,6 +41,13 @@ blacklist /etc/java | |||
| 41 | blacklist /usr/lib/java | 41 | blacklist /usr/lib/java |
| 42 | blacklist /usr/share/java | 42 | blacklist /usr/share/java |
| 43 | 43 | ||
| 44 | # Scala | ||
| 45 | blacklist ${PATH}/scala | ||
| 46 | blacklist ${PATH}/scala3 | ||
| 47 | blacklist ${PATH}/scala3-compiler | ||
| 48 | blacklist ${PATH}/scala3-repl | ||
| 49 | blacklist ${PATH}/scalac | ||
| 50 | |||
| 44 | #OpenSSL | 51 | #OpenSSL |
| 45 | blacklist ${PATH}/openssl | 52 | blacklist ${PATH}/openssl |
| 46 | blacklist ${PATH}/openssl-1.0 | 53 | blacklist ${PATH}/openssl-1.0 |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 3d74b8866..f5de98450 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -30,6 +30,7 @@ blacklist ${HOME}/.aMule | |||
| 30 | blacklist ${HOME}/.abook | 30 | blacklist ${HOME}/.abook |
| 31 | blacklist ${HOME}/.addressbook | 31 | blacklist ${HOME}/.addressbook |
| 32 | blacklist ${HOME}/.alpine-smime | 32 | blacklist ${HOME}/.alpine-smime |
| 33 | blacklist ${HOME}/.ammonite | ||
| 33 | blacklist ${HOME}/.android | 34 | blacklist ${HOME}/.android |
| 34 | blacklist ${HOME}/.anydesk | 35 | blacklist ${HOME}/.anydesk |
| 35 | blacklist ${HOME}/.arduino15 | 36 | blacklist ${HOME}/.arduino15 |
| @@ -466,6 +467,7 @@ blacklist ${HOME}/.config/iridium | |||
| 466 | blacklist ${HOME}/.config/itch | 467 | blacklist ${HOME}/.config/itch |
| 467 | blacklist ${HOME}/.config/jami | 468 | blacklist ${HOME}/.config/jami |
| 468 | blacklist ${HOME}/.config/jd-gui.cfg | 469 | blacklist ${HOME}/.config/jd-gui.cfg |
| 470 | blacklist ${HOME}/.config/jgit | ||
| 469 | blacklist ${HOME}/.config/k3brc | 471 | blacklist ${HOME}/.config/k3brc |
| 470 | blacklist ${HOME}/.config/kaffeinerc | 472 | blacklist ${HOME}/.config/kaffeinerc |
| 471 | blacklist ${HOME}/.config/kalgebrarc | 473 | blacklist ${HOME}/.config/kalgebrarc |
| @@ -692,6 +694,7 @@ blacklist ${HOME}/.freemind | |||
| 692 | blacklist ${HOME}/.frogatto | 694 | blacklist ${HOME}/.frogatto |
| 693 | blacklist ${HOME}/.frozen-bubble | 695 | blacklist ${HOME}/.frozen-bubble |
| 694 | blacklist ${HOME}/.funnyboat | 696 | blacklist ${HOME}/.funnyboat |
| 697 | blacklist ${HOME}/.g8 | ||
| 695 | blacklist ${HOME}/.gallery-dl.conf | 698 | blacklist ${HOME}/.gallery-dl.conf |
| 696 | blacklist ${HOME}/.geekbench5 | 699 | blacklist ${HOME}/.geekbench5 |
| 697 | blacklist ${HOME}/.gimp* | 700 | blacklist ${HOME}/.gimp* |
| @@ -714,6 +717,7 @@ blacklist ${HOME}/.icedove | |||
| 714 | blacklist ${HOME}/.imagej | 717 | blacklist ${HOME}/.imagej |
| 715 | blacklist ${HOME}/.inkscape | 718 | blacklist ${HOME}/.inkscape |
| 716 | blacklist ${HOME}/.itch | 719 | blacklist ${HOME}/.itch |
| 720 | blacklist ${HOME}/.ivy2 | ||
| 717 | blacklist ${HOME}/.jack-server | 721 | blacklist ${HOME}/.jack-server |
| 718 | blacklist ${HOME}/.jack-settings | 722 | blacklist ${HOME}/.jack-settings |
| 719 | blacklist ${HOME}/.jak | 723 | blacklist ${HOME}/.jak |
| @@ -1072,6 +1076,7 @@ blacklist ${HOME}/.repo_.gitconfig.json | |||
| 1072 | blacklist ${HOME}/.repoconfig | 1076 | blacklist ${HOME}/.repoconfig |
| 1073 | blacklist ${HOME}/.retroshare | 1077 | blacklist ${HOME}/.retroshare |
| 1074 | blacklist ${HOME}/.ripperXrc | 1078 | blacklist ${HOME}/.ripperXrc |
| 1079 | blacklist ${HOME}/.sbt | ||
| 1075 | blacklist ${HOME}/.scorched3d | 1080 | blacklist ${HOME}/.scorched3d |
| 1076 | blacklist ${HOME}/.scribus | 1081 | blacklist ${HOME}/.scribus |
| 1077 | blacklist ${HOME}/.scribusrc | 1082 | blacklist ${HOME}/.scribusrc |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index b0be8a517..4137839f8 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
| @@ -35,6 +35,7 @@ noblacklist ${HOME}/.local/share/vpltd | |||
| 35 | noblacklist ${HOME}/.local/share/vulkan | 35 | noblacklist ${HOME}/.local/share/vulkan |
| 36 | noblacklist ${HOME}/.mbwarband | 36 | noblacklist ${HOME}/.mbwarband |
| 37 | noblacklist ${HOME}/.paradoxinteractive | 37 | noblacklist ${HOME}/.paradoxinteractive |
| 38 | noblacklist ${HOME}/.prey | ||
| 38 | noblacklist ${HOME}/.steam | 39 | noblacklist ${HOME}/.steam |
| 39 | noblacklist ${HOME}/.steampath | 40 | noblacklist ${HOME}/.steampath |
| 40 | noblacklist ${HOME}/.steampid | 41 | noblacklist ${HOME}/.steampid |
| @@ -82,6 +83,7 @@ mkdir ${HOME}/.local/share/vpltd | |||
| 82 | mkdir ${HOME}/.local/share/vulkan | 83 | mkdir ${HOME}/.local/share/vulkan |
| 83 | mkdir ${HOME}/.mbwarband | 84 | mkdir ${HOME}/.mbwarband |
| 84 | mkdir ${HOME}/.paradoxinteractive | 85 | mkdir ${HOME}/.paradoxinteractive |
| 86 | mkdir ${HOME}/.prey | ||
| 85 | mkdir ${HOME}/.steam | 87 | mkdir ${HOME}/.steam |
| 86 | mkfile ${HOME}/.steampath | 88 | mkfile ${HOME}/.steampath |
| 87 | mkfile ${HOME}/.steampid | 89 | mkfile ${HOME}/.steampid |
| @@ -115,6 +117,7 @@ whitelist ${HOME}/.local/share/vpltd | |||
| 115 | whitelist ${HOME}/.local/share/vulkan | 117 | whitelist ${HOME}/.local/share/vulkan |
| 116 | whitelist ${HOME}/.mbwarband | 118 | whitelist ${HOME}/.mbwarband |
| 117 | whitelist ${HOME}/.paradoxinteractive | 119 | whitelist ${HOME}/.paradoxinteractive |
| 120 | whitelist ${HOME}/.prey | ||
| 118 | whitelist ${HOME}/.steam | 121 | whitelist ${HOME}/.steam |
| 119 | whitelist ${HOME}/.steampath | 122 | whitelist ${HOME}/.steampath |
| 120 | whitelist ${HOME}/.steampid | 123 | whitelist ${HOME}/.steampid |
| @@ -143,7 +146,8 @@ novideo | |||
| 143 | protocol unix,inet,inet6,netlink | 146 | protocol unix,inet,inet6,netlink |
| 144 | # seccomp sometimes causes issues (see #2951, #3267). | 147 | # seccomp sometimes causes issues (see #2951, #3267). |
| 145 | # Add 'ignore seccomp' to your steam.local if you experience this. | 148 | # Add 'ignore seccomp' to your steam.local if you experience this. |
| 146 | seccomp !ptrace | 149 | # mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13 |
| 150 | seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2 | ||
| 147 | shell none | 151 | shell none |
| 148 | # tracelog breaks integrated browser | 152 | # tracelog breaks integrated browser |
| 149 | #tracelog | 153 | #tracelog |