authorLibravatar netblue30 <netblue30@protonmail.com>2021-05-29 12:37:33 -0500
committerLibravatar GitHub <noreply@github.com>2021-05-29 12:37:33 -0500
commit567001a826653195881f4a4cb1c46b6f13da4466 (patch)
treec9a81ac26307b79553985212361ea4d3ab5fd6f8 /etc
parentMerge pull request #4316 from kmk3/configure-improvements (diff)
parentRestrict /usr/libexec (diff)
Merge pull request #4287 from rusty-snake/restrict-usr-libexec
Restrict /usr/libexec
Diffstat (limited to 'etc')
-rw-r--r--etc/profile-a-l/0ad.profile2
-rw-r--r--etc/profile-a-l/apostrophe.profile1
-rw-r--r--etc/profile-a-l/bijiben.profile1
-rw-r--r--etc/profile-a-l/celluloid.profile2
-rw-r--r--etc/profile-a-l/chromium-browser-privacy.profile2
-rw-r--r--etc/profile-a-l/eo-common.profile2
-rw-r--r--etc/profile-a-l/etr.profile2
-rw-r--r--etc/profile-a-l/evince.profile2
-rw-r--r--etc/profile-a-l/file-roller.profile1
-rw-r--r--etc/profile-a-l/firefox.profile2
-rw-r--r--etc/profile-a-l/frogatto.profile1
-rw-r--r--etc/profile-a-l/gapplication.profile1
-rw-r--r--etc/profile-a-l/gfeeds.profile1
-rw-r--r--etc/profile-a-l/gnome-maps.profile2
-rw-r--r--etc/profile-a-l/gnome-passwordsafe.profile2
-rw-r--r--etc/profile-a-l/keepassxc.profile2
-rw-r--r--etc/profile-a-l/libreoffice.profile2
-rw-r--r--etc/profile-m-z/marker.profile1
-rw-r--r--etc/profile-m-z/meld.profile2
-rw-r--r--etc/profile-m-z/mpv.profile2
-rw-r--r--etc/profile-m-z/mrrescue.profile2
-rw-r--r--etc/profile-m-z/pingus.profile2
-rw-r--r--etc/profile-m-z/supertuxkart.profile2
-rw-r--r--etc/profile-m-z/yelp.profile1
24 files changed, 40 insertions, 0 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 454a15ab2..4009853d3 100644
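--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -10,6 +10,8 @@ noblacklist ${HOME}/.cache/0ad
 noblacklist ${HOME}/.config/0ad
 noblacklist ${HOME}/.local/share/0ad
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc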
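Review bot: The added `blacklist /usr/libexec` line has no comment saying why the directory is hidden, and the same bare line is added in celluloid, chromium-browser-privacy, eo-common, etr, evince, firefox, gapplication, gnome-maps, gnome-passwordsafe, keepassxc, libreoffice, meld, mpv, mrrescue, pingus and supertuxkart. Other rules in these profiles carry a one-line rationale (for example `# Allow gjs (blacklisted by disable-interpreters.inc)` in gnome-maps), so a short comment would keep the hardening auditable, e.g. `# Hide helper executables under /usr/libexec; this program does not need them`. Whether a `noblacklist /usr/libexec` in 0ad.local can still override the rule depends on that include sitting above this line, which is outside the hunk.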
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 54abdb234..01566314f 100644
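--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -31,6 +31,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/apostrophe
 whitelist /usr/share/texlive
 whitelist /usr/share/texmf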
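Review bot: The whitelisted helper directory is pinned to one WebKitGTK API version, `/usr/libexec/webkit2gtk-4.0`, here and in the bijiben, gfeeds, marker and yelp hunks. If, as the commit title suggests, a `whitelist` rule under /usr/libexec hides the rest of that directory, a build linked against a differently numbered WebKitGTK directory would presumably lose its helper processes without an obvious error. A comment above the line such as `# WebKitGTK helper processes; the directory name is API-version specific` would tell maintainers what to update when the version changes.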
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index 721a6c082..854fe5cb9 100644
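--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/bijiben
 whitelist ${HOME}/.local/share/bijiben
 whitelist ${HOME}/.cache/tracker
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/bijiben
 whitelist /usr/share/tracker
 whitelist /usr/share/tracker3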
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index f02161b9b..1c539cc93 100644
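--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -17,6 +17,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc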
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 0283a6934..8803a4d9d 100644
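--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -6,6 +6,8 @@ include chromium-browser-privacy.local
 noblacklist ${HOME}/.cache/ungoogled-chromium
 noblacklist ${HOME}/.config/ungoogled-chromium
 
+blacklist /usr/libexec
+
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
 whitelist ${HOME}/.cache/ungoogled-chromium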
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index 8e8047b00..fe7913e77 100644
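--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc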
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index d44d419c1..fdff1e4b5 100644
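--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -8,6 +8,8 @@ include globals.local
 
 noblacklist ${HOME}/.etr
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc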
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index adcb29063..a9e39b15c 100644
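--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -13,6 +13,8 @@ include globals.local
 noblacklist ${HOME}/.config/evince
 noblacklist ${DOCUMENTS}
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc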
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index 0b8a8cd6c..4e651ed61 100644
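--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,6 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/libexec/file-roller
 whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc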
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index b22a78458..7874c882f 100644
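--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -17,6 +17,8 @@ include globals.local
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 
+blacklist /usr/libexec
+
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
 whitelist ${HOME}/.cache/mozilla/firefox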
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index fa56d2b2d..b4ad81046 100644
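--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.frogatto
 whitelist ${HOME}/.frogatto
+whitelist /usr/libexec/frogatto
 whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc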
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index f2da60c87..3a8c055f2 100644
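--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -7,6 +7,7 @@ include gapplication.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc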
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 7ec8ba810..f894a42ca 100644
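--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -31,6 +31,7 @@ whitelist ${HOME}/.cache/gfeeds
 whitelist ${HOME}/.cache/org.gabmus.gfeeds
 whitelist ${HOME}/.config/org.gabmus.gfeeds.json
 whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc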
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf2ac2f75..23aab343f 100644
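--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -18,6 +18,8 @@ noblacklist ${HOME}/.local/share/maps-places.json
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc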
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index 763d67b92..fee5f88b9 100644
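--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -13,6 +13,8 @@ noblacklist ${HOME}/*.kdbx
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc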
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index c352a5d89..f71dcf82b 100644
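--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -22,6 +22,8 @@ noblacklist ${HOME}/.config/vivaldi
 noblacklist ${HOME}/.local/share/torbrowser
 noblacklist ${HOME}/.mozilla
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc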
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index e4440eac0..b1a24888c 100644
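--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -14,6 +14,8 @@ noblacklist ${HOME}/.config/libreoffice
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc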
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 087c02964..bd56a8221 100644
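--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -25,6 +25,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/com.github.fabiocolacio.marker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc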
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index 1225cc107..2a8bb3acf 100644
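--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -29,6 +29,8 @@ include allow-python3.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
+blacklist /usr/libexec
+
 # Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
 include disable-devel.inc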
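Review bot: `blacklist /usr/libexec` is added directly below `include allow-ssh.inc`, and some distributions install OpenSSH helper programs (askpass and key-signing helpers, for instance) under /usr/libexec, so the ssh access this profile deliberately allows may be partly undone there. The hunk does not show whether that was checked. A comment on the new line would make the trade-off visible, e.g. `# Also hides ssh helper programs that some distributions keep under /usr/libexec`. The rest of the profile, including where meld.local is included, lies outside the hunk.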
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 310f36ea1..af5c214f7 100644
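--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -35,6 +35,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc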
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile
index 035a7e625..e3ceb3bd4 100644
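--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -14,6 +14,8 @@ include allow-bin-sh.inc
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc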
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index 3889d87d2..f1fdfcbad 100644
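--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.pingus
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc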
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 6a0ed46e0..095cea7b8 100644
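--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -10,6 +10,8 @@ noblacklist ${HOME}/.config/supertuxkart
 noblacklist ${HOME}/.cache/supertuxkart
 noblacklist ${HOME}/.local/share/supertuxkart
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc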
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index 93054bfed..dee154409 100644
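--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/yelp
 whitelist ${HOME}/.config/yelp
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/doc
 whitelist /usr/share/groff
 whitelist /usr/share/help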