authorLibravatar Tad <tad@spotco.us>2017-09-16 13:47:31 -0400
committerLibravatar Tad <tad@spotco.us>2017-09-18 18:24:13 -0400
commit60606c2d041dc08b0af10baff1b18dbf507f8d81 (patch)
tree75ca83f6148cf6e93e75df9be3b85ab702a5fb9c /etc
parentAdd 5 profiles (diff)
Fixup 36 profiles
Diffstat (limited to 'etc')
-rw-r--r--etc/Viber.profile20
-rw-r--r--etc/amule.profile17
-rw-r--r--etc/ardour4.profile33
-rw-r--r--etc/ardour5.profile25
-rw-r--r--etc/brackets.profile18
-rw-r--r--etc/calligra.profile21
-rw-r--r--etc/calligraauthor.profile2
-rw-r--r--etc/calligraconverter.profile2
-rw-r--r--etc/calligraflow.profile2
-rw-r--r--etc/calligraplan.profile2
-rw-r--r--etc/calligraplanwork.profile2
-rw-r--r--etc/calligrasheets.profile2
-rw-r--r--etc/calligrastage.profile2
-rw-r--r--etc/calligrawords.profile2
-rw-r--r--etc/cin.profile16
-rw-r--r--etc/dooble-qt4.profile32
-rw-r--r--etc/dooble.profile16
-rw-r--r--etc/fetchmail.profile17
-rw-r--r--etc/freecad.profile18
-rw-r--r--etc/freecadcmd.profile2
-rw-r--r--etc/google-earth.profile22
-rw-r--r--etc/imagej.profile19
-rw-r--r--etc/karbon.profile20
-rw-r--r--etc/kdenlive.profile19
-rw-r--r--etc/krita.profile20
-rw-r--r--etc/linphone.profile15
-rw-r--r--etc/lmms.profile16
-rw-r--r--etc/macrofusion.profile16
-rw-r--r--etc/mpd.profile19
-rw-r--r--etc/natron.profile26
-rw-r--r--etc/ricochet.profile14
-rw-r--r--etc/shotcut.profile14
-rw-r--r--etc/tor-browser-en.profile28
-rw-r--r--etc/tor.profile10
-rw-r--r--etc/x-terminal-emulator.profile6
-rw-r--r--etc/zart.profile10
36 files changed, 172 insertions, 353 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 5de92f36f..ee1ab6219 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -6,21 +6,15 @@ include /etc/firejail/Viber.local
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8 8
9noblacklist ${HOME}/.ViberPC
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
9whitelist ${DOWNLOADS} 16whitelist ${DOWNLOADS}
10whitelist ${HOME}/.ViberPC 17whitelist ${HOME}/.ViberPC
11whitelist /dev/dri
12whitelist /dev/full
13whitelist /dev/null
14whitelist /dev/ptmx
15whitelist /dev/pts
16whitelist /dev/random
17whitelist /dev/shm
18whitelist /dev/snd
19whitelist /dev/tty
20whitelist /dev/urandom
21whitelist /dev/video0
22whitelist /dev/zero
23whitelist /opt/viber
24include /etc/firejail/whitelist-common.inc 18include /etc/firejail/whitelist-common.inc
25 19
26caps.drop all 20caps.drop all
diff --git a/etc/amule.profile b/etc/amule.profile
index 5cd6e613e..48aad759d 100644
--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -5,18 +5,16 @@ include /etc/firejail/amule.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8
9blacklist /media 9noblacklist ${HOME}/.aMule
10blacklist /mnt 10
11blacklist /opt 11include /etc/firejail/disable-common.inc
12blacklist /usr/local/bin 12include /etc/firejail/disable-devel.inc
13blacklist /usr/local/sbin 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
14 15
15whitelist ${DOWNLOADS} 16whitelist ${DOWNLOADS}
16whitelist ${HOME}/.aMule 17whitelist ${HOME}/.aMule
17whitelist ${HOME}/.gtkrc-2.0
18whitelist ${HOME}/.gtkrc.mine
19whitelist ${HOME}/.themes
20include /etc/firejail/whitelist-common.inc 18include /etc/firejail/whitelist-common.inc
21 19
22caps.drop all 20caps.drop all
@@ -29,5 +27,4 @@ shell none
29 27
30private-bin amule 28private-bin amule
31private-dev 29private-dev
32private-etc fonts,hosts
33private-tmp 30private-tmp
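Review bot: `private-etc fonts,hosts` is dropped from the tail of amule.profile with no replacement, so the sandboxed process sees the host's /etc again (minus whatever the disable-*.inc files blacklist) instead of two entries. The same restriction is commented out rather than deleted in ardour5, calligra, cin, freecad, google-earth, kdenlive, macrofusion, natron, ricochet and shotcut, and `private-bin` is commented out in ardour5, macrofusion and mpd, none with a stated reason. If the option broke the program, keep the line and record why above it, e.g. `# private-etc disabled: <reason>; re-enable once the required /etc entries are listed`, so the hardening is not lost silently.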
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
index 3a52edb66..095685364 100644
--- a/etc/ardour4.profile
+++ b/etc/ardour4.profile
@@ -1,34 +1,5 @@
1# Firejail profile for ardour4 1# Firejail profile alias for ardour5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/ardour4.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7 3
8noblacklist ~/.config/ardour4
9 4
10include /etc/firejail/disable-common.inc 5include /etc/firejail/ardour5.profile
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc
14
15mkdir ~/.config/ardour4
16whitelist ~/.config/ardour4
17whitelist ~/Music
18whitelist ~/Música
19include /etc/firejail/whitelist-common.inc
20
21caps.drop all
22netfilter
23nogroups
24nonewprivs
25noroot
26protocol unix
27seccomp
28shell none
29tracelog
30
31# private-bin ardour4
32private-dev
33# private-etc ardour4
34private-tmp
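Review bot: The alias body no longer includes `/etc/firejail/ardour4.local`, so persistent customisations a user keeps in that file stop applying once ardour4.profile only pulls in ardour5.profile. Suggest adding `include /etc/firejail/ardour4.local` above `include /etc/firejail/ardour5.profile`. The removed body also set `netfilter`, `nogroups`, `nonewprivs`, `protocol unix` and `tracelog`; the ardour5.profile hunks in this diff do not show those options, so confirm they are present in the lines of ardour5.profile that fall outside the diff.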
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index f17c74e2b..42744f4dd 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -5,19 +5,16 @@ include /etc/firejail/ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12blacklist /usr/local/bin
13 8
14whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.config/ardour4
15whitelist ${HOME}/.config/ardour4 10noblacklist ${HOME}/.config/ardour5
16whitelist ${HOME}/.config/ardour5 11noblacklist ${HOME}/.lv2
17whitelist ${HOME}/.lv2 12noblacklist ${HOME}/.vst
18whitelist ${HOME}/.vst 13
19whitelist ${HOME}/Documents 14include /etc/firejail/disable-common.inc
20include /etc/firejail/whitelist-common.inc 15include /etc/firejail/disable-devel.inc
16include /etc/firejail/disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc
21 18
22caps.drop all 19caps.drop all
23ipc-namespace 20ipc-namespace
@@ -27,9 +24,9 @@ noroot
27seccomp 24seccomp
28shell none 25shell none
29 26
30private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm 27#private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
31private-dev 28private-dev
32private-etc pulse,X11,alternatives,ardour4,ardour5,fonts 29#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
33private-tmp 30private-tmp
34 31
35noexec /home 32noexec /home
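Review bot: Replacing the `whitelist ${HOME}/...` entries and `whitelist-common.inc` with only the four `disable-*.inc` includes turns the home directory from default-deny into default-allow: everything under ${HOME} that those include files do not blacklist becomes reachable. The same switch is made in brackets, calligra, cin, fetchmail, freecad, imagej, karbon, kdenlive, krita, lmms, macrofusion, mpd, natron and shotcut. The commit message does not say whether this is intentional, so a one-line comment in each profile, such as `# no whitelist: <program> opens files from user-chosen directories`, would make the trade-off explicit. The explicit `blacklist /boot`, `/media`, `/mnt` and `/opt` lines are removed as well; whether the include files cover those paths is not visible here.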
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 3c7622435..151d88bdd 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -5,19 +5,13 @@ include /etc/firejail/brackets.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8noblacklist ${HOME}/.config/Brackets
9blacklist /media 9noblacklist /opt/brackets/
10blacklist /mnt 10noblacklist /opt/google/
11 11
12whitelist ${DOWNLOADS} 12include /etc/firejail/disable-common.inc
13whitelist ${HOME}/.config/Brackets 13include /etc/firejail/disable-passwdmgr.inc
14whitelist ${HOME}/.gtkrc-2.0 14include /etc/firejail/disable-programs.inc
15whitelist ${HOME}/.themes
16whitelist ${HOME}/Documents
17whitelist /opt/brackets/
18whitelist /opt/google/
19whitelist /tmp/.X11-unix
20include /etc/firejail/whitelist-common.inc
21 15
22caps.drop all 16caps.drop all
23# Comment out or use --ignore=net if you want to install extensions or themes 17# Comment out or use --ignore=net if you want to install extensions or themes
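Review bot: `disable-devel.inc` is left out of the include list here, while the other converted profiles visible in this diff pull in all four `disable-*.inc` files. That is probably deliberate for a code editor, but nothing in the profile says so, and a later fixup could change it either way. Suggest a comment above the includes: `# disable-devel.inc intentionally omitted: Brackets is a development tool`. The `noblacklist /opt/brackets/` and `noblacklist /opt/google/` lines only have an effect if an included file blacklists those paths, which this hunk does not show.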
diff --git a/etc/calligra.profile b/etc/calligra.profile
index 260097560..58006f203 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -5,21 +5,10 @@ include /etc/firejail/calligra.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8include /etc/firejail/disable-common.inc
9blacklist /media 9include /etc/firejail/disable-devel.inc
10blacklist /mnt 10include /etc/firejail/disable-passwdmgr.inc
11blacklist /opt 11include /etc/firejail/disable-programs.inc
12
13whitelist ${DOWNLOADS}
14whitelist ${HOME}/.config/Trolltech.conf
15whitelist ${HOME}/.gtkrc-2.0
16whitelist ${HOME}/.kde
17whitelist ${HOME}/.themes
18whitelist ${HOME}/Documents
19whitelist /tmp/.X11-unix
20# DBus is forced to use an ordinary unix socket
21whitelist /tmp/dbus_session_socket
22include /etc/firejail/whitelist-common.inc
23 12
24caps.drop all 13caps.drop all
25ipc-namespace 14ipc-namespace
@@ -31,7 +20,7 @@ shell none
31 20
32private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch 21private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
33private-dev 22private-dev
34private-etc fonts,passwd,alternatives,X11 23#private-etc fonts,passwd,alternatives,X11
35 24
36noexec /home 25noexec /home
37noexec /tmp 26noexec /tmp
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligraauthor.profile
+++ b/etc/calligraauthor.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligraconverter.profile
+++ b/etc/calligraconverter.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligraflow.profile
+++ b/etc/calligraflow.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligraplan.profile
+++ b/etc/calligraplan.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligraplanwork.profile
+++ b/etc/calligraplanwork.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligrasheets.profile
+++ b/etc/calligrasheets.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligrastage.profile
+++ b/etc/calligrastage.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
index 2b005c5c9..162823019 100644
--- a/etc/calligrawords.profile
+++ b/etc/calligrawords.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/calligra.profile 5include /etc/firejail/calligra.profile
diff --git a/etc/cin.profile b/etc/cin.profile
index 3a8a4d8de..e895805eb 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -5,16 +5,12 @@ include /etc/firejail/cin.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8noblacklist ${HOME}/.bcast5
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 9
13whitelist ${DOWNLOADS} 10include /etc/firejail/disable-common.inc
14whitelist ${HOME}/.bcast5 11include /etc/firejail/disable-devel.inc
15whitelist ${HOME}/Videos 12include /etc/firejail/disable-passwdmgr.inc
16whitelist /tmp/.X11-unix 13include /etc/firejail/disable-programs.inc
17include /etc/firejail/whitelist-common.inc
18 14
19caps.drop all 15caps.drop all
20ipc-namespace 16ipc-namespace
@@ -26,7 +22,7 @@ shell none
26 22
27private-bin cin 23private-bin cin
28private-dev 24private-dev
29private-etc fonts,pulse 25#private-etc fonts,pulse
30 26
31noexec /home 27noexec /home
32noexec /tmp 28noexec /tmp
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
index ec85c7b58..67df7ce36 100644
--- a/etc/dooble-qt4.profile
+++ b/etc/dooble-qt4.profile
@@ -1,33 +1,5 @@
1# Firejail profile for dooble-qt4 1# Firejail profile alias for dooble
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/dooble-qt4.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7 3
8noblacklist ~/.dooble
9 4
10include /etc/firejail/disable-common.inc 5include /etc/firejail/dooble.profile
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-programs.inc
13
14mkdir ~/.dooble
15mkdir ~/usr/lib/dooble-qt4
16whitelist ${DOWNLOADS}
17whitelist ~/.config/keepassx
18whitelist ~/.config/lastpass
19whitelist ~/.dooble
20whitelist ~/.keepassx
21whitelist ~/.lastpass
22whitelist ~/keepassx.kdbx
23whitelist ~/usr/lib/dooble
24whitelist ~/usr/lib/dooble-qt4
25include /etc/firejail/whitelist-common.inc
26
27caps.drop all
28netfilter
29nonewprivs
30noroot
31protocol unix,inet,inet6,netlink
32seccomp
33tracelog
diff --git a/etc/dooble.profile b/etc/dooble.profile
index 13e4ead96..cbb0f96b8 100644
--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,27 +1,21 @@
1# Firejail profile for dooble 1# Firejail profile for dooble-qt4
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dooble.local 4include /etc/firejail/dooble-qt4.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8
8noblacklist ~/.dooble 9noblacklist ~/.dooble
9 10
10include /etc/firejail/disable-common.inc 11include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 14include /etc/firejail/disable-programs.inc
13 15
14mkdir ~/.dooble 16mkdir ${HOME}/.dooble
15mkdir ~/usr/lib/dooble-qt4
16whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
17whitelist ~/.config/keepassx
18whitelist ~/.config/lastpass
19whitelist ~/.dooble 18whitelist ~/.dooble
20whitelist ~/.keepassx
21whitelist ~/.lastpass
22whitelist ~/keepassx.kdbx
23whitelist ~/usr/lib/dooble
24whitelist ~/usr/lib/dooble-qt4
25include /etc/firejail/whitelist-common.inc 19include /etc/firejail/whitelist-common.inc
26 20
27caps.drop all 21caps.drop all
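Review bot: The new header reads `# Firejail profile for dooble-qt4` and the local include is `/etc/firejail/dooble-qt4.local`, but this file is dooble.profile and dooble-qt4.profile is now the alias that points here. As written, `dooble.local` is no longer included by this file, so customisations stored there stop applying. Suggest `# Firejail profile for dooble` and `include /etc/firejail/dooble.local`. The path lines also mix `${HOME}/.dooble` (mkdir) with `~/.dooble` (noblacklist, whitelist); one form throughout would match the rest of the commit.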
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
index dc7f4abc3..2b2be4c16 100644
--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -5,26 +5,17 @@ include /etc/firejail/fetchmail.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13# Location of your fetchmailrc - I decrypt it into /tmp/fetchmailrc 9include /etc/firejail/disable-common.inc
14# whitelist ${HOME}/.fetchmailrc.gpg 10include /etc/firejail/disable-devel.inc
15whitelist ${HOME}/.procmailrc.brown 11include /etc/firejail/disable-passwdmgr.inc
16whitelist ${HOME}/.procmailrc.gmail 12include /etc/firejail/disable-programs.inc
17whitelist ${HOME}/Mail
18whitelist ${HOME}/scripts/fetchmail-real.sh
19whitelist /tmp/fetchmailrc
20include /etc/firejail/whitelist-common.inc
21 13
22caps.drop all 14caps.drop all
23nogroups 15nogroups
24noroot 16noroot
25nosound 17nosound
26seccomp 18seccomp
27x11 none
28 19
29# private-bin fetchmail,procmail,bash,chmod 20# private-bin fetchmail,procmail,bash,chmod
30private-dev 21private-dev
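Review bot: `x11 none` is removed from the option block, which lets a command-line mail retriever reach the X11 display again; nothing in the hunk indicates fetchmail needs one. Unless the option caused a failure, keep `x11 none` after `seccomp`. The whitelist for `${HOME}/Mail` and the procmail files is also gone, so the profile now relies entirely on the disable-*.inc blacklists to limit what a process handling remote mail can read in the home directory. The profile continues past the end of the hunk.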
diff --git a/etc/freecad.profile b/etc/freecad.profile
index 0467edb6d..c2d4661e8 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -5,17 +5,13 @@ include /etc/firejail/freecad.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12blacklist /usr/local/bin
13blacklist /usr/local/sbin
14 8
15whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.config/FreeCAD
16whitelist ${HOME}/.config/FreeCAD 10
17whitelist ${HOME}/Documents 11include /etc/firejail/disable-common.inc
18include /etc/firejail/whitelist-common.inc 12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
19 15
20caps.drop all 16caps.drop all
21ipc-namespace 17ipc-namespace
@@ -29,7 +25,7 @@ shell none
29 25
30private-bin freecad,freecadcmd 26private-bin freecad,freecadcmd
31private-dev 27private-dev
32private-etc fonts,passwd,alternatives,X11 28#private-etc fonts,passwd,alternatives,X11
33private-tmp 29private-tmp
34 30
35noexec ${HOME} 31noexec ${HOME}
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
index 41cfd3fab..82ce8fcaa 100644
--- a/etc/freecadcmd.profile
+++ b/etc/freecadcmd.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4 4
5include ${HOME}/.config/firejail/freecad.profile 5include /etc/firejail/freecad.profile
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index a339402e2..11d55281a 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -5,16 +5,18 @@ include /etc/firejail/google-earth.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8noblacklist ${HOME}/.config/Google
9blacklist /media 9noblacklist ${HOME}/.googleearth
10blacklist /mnt
11 10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16mkdir ${HOME}/.config/Google
17mkdir ${HOME}/.googleearth
12whitelist ${HOME}/.config/Google 18whitelist ${HOME}/.config/Google
13whitelist ${HOME}/.googleearth/Cache/ 19whitelist ${HOME}/.googleearth
14whitelist ${HOME}/.googleearth/Temp/
15whitelist ${HOME}/.googleearth/myplaces.backup.kml
16whitelist ${HOME}/.googleearth/myplaces.kml
17whitelist /tmp/.X11-unix
18include /etc/firejail/whitelist-common.inc 20include /etc/firejail/whitelist-common.inc
19 21
20caps.drop all 22caps.drop all
@@ -26,7 +28,7 @@ shell none
26 28
27private-bin google-earth,sh,grep,sed,ls,dirname 29private-bin google-earth,sh,grep,sed,ls,dirname
28private-dev 30private-dev
29private-etc fonts,resolv.conf,X11,alternatives,pulse 31#private-etc fonts,resolv.conf,X11,alternatives,pulse
30 32
31noexec /home 33noexec ${HOME}
32noexec /tmp 34noexec /tmp
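Review bot: `whitelist ${HOME}/.googleearth` replaces four narrower entries (`Cache/`, `Temp/`, `myplaces.kml`, `myplaces.backup.kml`), so the whole directory is now reachable inside the sandbox. If the narrower list was causing breakage, say so in a comment above the line; otherwise keeping the specific paths preserves the tighter scope. The `noexec /home` to `noexec ${HOME}` change is also not applied consistently: ardour5, calligra, cin, karbon, krita and ricochet still show `noexec /home` on the new side.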
diff --git a/etc/imagej.profile b/etc/imagej.profile
index 4404cc9a2..4613e378f 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -5,20 +5,13 @@ include /etc/firejail/imagej.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12blacklist /usr/local/bin
13blacklist /usr/local/sbin
14 8
15whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.imagej
16whitelist ${HOME}/.gtkrc-2.0 10
17whitelist ${HOME}/.gtkrc.mine 11include /etc/firejail/disable-common.inc
18whitelist ${HOME}/.imagej 12include /etc/firejail/disable-devel.inc
19whitelist ${HOME}/.themes 13include /etc/firejail/disable-passwdmgr.inc
20whitelist ${HOME}/Pictures 14include /etc/firejail/disable-programs.inc
21include /etc/firejail/whitelist-common.inc
22 15
23caps.drop all 16caps.drop all
24ipc-namespace 17ipc-namespace
diff --git a/etc/karbon.profile b/etc/karbon.profile
index da72432f7..7d7f25ad0 100644
--- a/etc/karbon.profile
+++ b/etc/karbon.profile
@@ -5,21 +5,11 @@ include /etc/firejail/karbon.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13whitelist ${DOWNLOADS} 9include /etc/firejail/disable-common.inc
14whitelist ${HOME}/.config/Trolltech.conf 10include /etc/firejail/disable-devel.inc
15whitelist ${HOME}/.gtkrc-2.0 11include /etc/firejail/disable-passwdmgr.inc
16whitelist ${HOME}/.kde4 12include /etc/firejail/disable-programs.inc
17whitelist ${HOME}/.themes
18whitelist ${HOME}/Images
19whitelist /tmp/.X11-unix
20# DBus has been forced to use an ordinary unix socket
21whitelist /tmp/dbus_session_socket
22include /etc/firejail/whitelist-common.inc
23 13
24caps.drop all 14caps.drop all
25ipc-namespace 15ipc-namespace
@@ -29,9 +19,7 @@ noroot
29seccomp 19seccomp
30shell none 20shell none
31 21
32# private-bin krita,dbus-launch
33private-dev 22private-dev
34# private-etc fonts,passwd,alternatives,X11
35 23
36noexec /home 24noexec /home
37noexec /tmp 25noexec /tmp
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index b982bd045..b91bd9c41 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -5,20 +5,11 @@ include /etc/firejail/kdenlive.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13# Apparently these break kdenlive for some people - they work for me though? 9include /etc/firejail/disable-common.inc
14# whitelist ${DOWNLOADS} 10include /etc/firejail/disable-devel.inc
15# whitelist ${HOME}/.config/ 11include /etc/firejail/disable-passwdmgr.inc
16# whitelist ${HOME}/Videos 12include /etc/firejail/disable-programs.inc
17# whitelist ${HOME}/kdenlive
18whitelist /tmp/.X11-unix
19# DBus is forced to use an ordinary unix socket
20whitelist /tmp/dbus_session_socket
21include /etc/firejail/whitelist-common.inc
22 13
23caps.drop all 14caps.drop all
24net none 15net none
@@ -29,4 +20,4 @@ shell none
29 20
30private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper 21private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
31private-dev 22private-dev
32private-etc fonts,alternatives,X11,pulse,passwd 23#private-etc fonts,alternatives,X11,pulse,passwd
diff --git a/etc/krita.profile b/etc/krita.profile
index f6e62e387..d60ef2fa7 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -5,21 +5,11 @@ include /etc/firejail/krita.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13whitelist ${DOWNLOADS} 9include /etc/firejail/disable-common.inc
14whitelist ${HOME}/.config/Trolltech.conf 10include /etc/firejail/disable-devel.inc
15whitelist ${HOME}/.gtkrc-2.0 11include /etc/firejail/disable-passwdmgr.inc
16whitelist ${HOME}/.kde4 12include /etc/firejail/disable-programs.inc
17whitelist ${HOME}/.themes
18whitelist ${HOME}/Images
19whitelist /tmp/.X11-unix
20# DBus has been forced to use an ordinary unix socket
21whitelist /tmp/dbus_session_socket
22include /etc/firejail/whitelist-common.inc
23 13
24caps.drop all 14caps.drop all
25ipc-namespace 15ipc-namespace
@@ -29,9 +19,7 @@ noroot
29seccomp 19seccomp
30shell none 20shell none
31 21
32# private-bin krita,dbus-launch
33private-dev 22private-dev
34# private-etc fonts,passwd,alternatives,X11
35 23
36noexec /home 24noexec /home
37noexec /tmp 25noexec /tmp
diff --git a/etc/linphone.profile b/etc/linphone.profile
index 850fcb320..8763b348a 100644
--- a/etc/linphone.profile
+++ b/etc/linphone.profile
@@ -5,13 +5,16 @@ include /etc/firejail/linphone.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8noblacklist ${HOME}/.linphone-history.db
9blacklist /media 9noblacklist ${HOME}/.linphonerc
10blacklist /mnt
11blacklist /opt
12 10
13whitelist ${HOME}/.gtkrc-2.0 11include /etc/firejail/disable-common.inc
14whitelist ${HOME}/.gtkrc.mine 12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16mkfile ${HOME}/.linphone-history.db
17mkfile ${HOME}/.linphonerc
15whitelist ${HOME}/.linphone-history.db 18whitelist ${HOME}/.linphone-history.db
16whitelist ${HOME}/.linphonerc 19whitelist ${HOME}/.linphonerc
17whitelist ${HOME}/Downloads 20whitelist ${HOME}/Downloads
diff --git a/etc/lmms.profile b/etc/lmms.profile
index 8ac039cc0..14a7209a9 100644
--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -5,17 +5,13 @@ include /etc/firejail/lmms.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.lmmsrc.xml
14whitelist ${HOME}/.lmmsrc.xml 10
15whitelist ${HOME}/Music 11include /etc/firejail/disable-common.inc
16whitelist ${HOME}/lmms 12include /etc/firejail/disable-devel.inc
17whitelist /tmp/.X11-unix 13include /etc/firejail/disable-passwdmgr.inc
18include /etc/firejail/whitelist-common.inc 14include /etc/firejail/disable-programs.inc
19 15
20caps.drop all 16caps.drop all
21ipc-namespace 17ipc-namespace
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index 287a5ea85..e53f175f8 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -6,12 +6,12 @@ include /etc/firejail/macrofusion.local
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8 8
9whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.config/mfusion
10whitelist ${HOME}/.config/gtk-3.0 10
11whitelist ${HOME}/.config/mfusion 11include /etc/firejail/disable-common.inc
12whitelist ${HOME}/.themes 12include /etc/firejail/disable-devel.inc
13whitelist ${HOME}/Pictures 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/whitelist-common.inc 14include /etc/firejail/disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17ipc-namespace 17ipc-namespace
@@ -22,7 +22,7 @@ noroot
22seccomp 22seccomp
23shell none 23shell none
24 24
25private-bin python3,macrofusion,env,enfuse,exiftool,align_image_stack 25#private-bin python3,macrofusion,env,enfuse,exiftool,align_image_stack
26private-dev 26private-dev
27private-etc fonts 27#private-etc fonts
28private-tmp 28private-tmp
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 44baab7e9..ebcdca443 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -5,22 +5,17 @@ include /etc/firejail/mpd.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot
9blacklist /media
10blacklist /mnt
11blacklist /opt
12 8
13whitelist ${HOME}/.config/pulse/ 9noblacklist ${HOME}/.mpdconf
14whitelist ${HOME}/.mpdconf 10
15whitelist ${HOME}/.pulse/ 11include /etc/firejail/disable-common.inc
16whitelist ${HOME}/Music 12include /etc/firejail/disable-devel.inc
17whitelist ${HOME}/mpd 13include /etc/firejail/disable-passwdmgr.inc
18include /etc/firejail/whitelist-common.inc 14include /etc/firejail/disable-programs.inc
19 15
20caps.drop all 16caps.drop all
21noroot 17noroot
22seccomp 18seccomp
23 19
24private-bin mpd,bash 20#private-bin mpd,bash
25private-dev 21private-dev
26read-only ${HOME}/Music/
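Review bot: `read-only ${HOME}/Music/` is deleted along with the whitelist entries, so the daemon can now write to the music library as well as to the rest of the home directory that the disable-*.inc files leave open. `read-only` does not depend on a whitelist being present, so the line can stay as `read-only ${HOME}/Music`. If it was removed because the directory is not guaranteed to exist, note that in a comment rather than dropping the protection.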
diff --git a/etc/natron.profile b/etc/natron.profile
index 6101d1331..8f266f56c 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -5,30 +5,22 @@ include /etc/firejail/natron.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# Contributed by triceratops1 (https://github.com/triceratops1)
9 8
10blacklist /boot 9noblacklist ${HOME}/.Natron
11blacklist /media 10noblacklist ${HOME}/.cache/INRIA/Natron/
12blacklist /mnt 11noblacklist ${HOME}/.config/INRIA/
13blacklist /usr/local/bin 12noblacklist /opt/natron/
14blacklist /usr/local/sbin
15 13
16whitelist ${DOWNLOADS} 14include /etc/firejail/disable-common.inc
17whitelist ${HOME}/.Natron 15include /etc/firejail/disable-devel.inc
18whitelist ${HOME}/.cache/INRIA/Natron/ 16include /etc/firejail/disable-passwdmgr.inc
19whitelist ${HOME}/.config/INRIA/ 17include /etc/firejail/disable-programs.inc
20whitelist ${HOME}/.gtkrc-2.0
21whitelist ${HOME}/.themes
22whitelist ${HOME}/Videos
23whitelist /opt/natron/
24whitelist /tmp/.X11-unix/
25include /etc/firejail/whitelist-common.inc
26 18
27ipc-namespace 19ipc-namespace
28shell none 20shell none
29 21
30private-bin natron 22private-bin natron
31private-etc fonts,X11,pulse 23#private-etc fonts,X11,pulse
32 24
33noexec ${HOME} 25noexec ${HOME}
34noexec /tmp 26noexec /tmp
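Review bot: The option block visible in this hunk holds only `ipc-namespace` and `shell none`; unlike the other profiles in this diff there is no `caps.drop all`, `noroot` or `seccomp`, and the commit does not add them while it removes the whitelist. If they are not set further down, outside the hunk, suggest adding `caps.drop all`, `noroot` and `seccomp` ahead of `shell none`. The attribution comment `# Contributed by triceratops1 (https://github.com/triceratops1)` is also removed; confirm that is intended.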
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index 47b16b30e..423dfb887 100644
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -5,14 +5,16 @@ include /etc/firejail/ricochet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8
9blacklist /media 9noblacklist ${HOME}/.local/share/Ricochet
10blacklist /mnt 10
11blacklist /opt 11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
12 15
13whitelist ${DOWNLOADS} 16whitelist ${DOWNLOADS}
14whitelist ${HOME}/.local/share/Ricochet 17whitelist ${HOME}/.local/share/Ricochet
15whitelist /tmp/.X11-unix
16include /etc/firejail/whitelist-common.inc 18include /etc/firejail/whitelist-common.inc
17 19
18caps.drop all 20caps.drop all
@@ -24,7 +26,7 @@ shell none
24 26
25private-bin ricochet,tor 27private-bin ricochet,tor
26private-dev 28private-dev
27private-etc fonts,tor,X11,alternatives 29#private-etc fonts,tor,X11,alternatives
28 30
29noexec /home 31noexec /home
30noexec /tmp 32noexec /tmp
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index 2bf3cc2e0..1a7ce6bce 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -5,13 +5,13 @@ include /etc/firejail/shotcut.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /usr/local/bin
9 8
10whitelist ${DOWNLOADS} 9noblacklist ${HOME}/.config/Meltytech
11whitelist ${HOME}/.config/Meltytech 10
12whitelist ${HOME}/Videos 11include /etc/firejail/disable-common.inc
13whitelist /tmp/.X11-unix 12include /etc/firejail/disable-devel.inc
14include /etc/firejail/whitelist-common.inc 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17net none 17net none
@@ -22,7 +22,7 @@ shell none
22 22
23private-bin shotcut,melt,qmelt,nice 23private-bin shotcut,melt,qmelt,nice
24private-dev 24private-dev
25private-etc X11,alternatives,pulse,fonts 25#private-etc X11,alternatives,pulse,fonts
26 26
27noexec ${HOME} 27noexec ${HOME}
28noexec /tmp 28noexec /tmp
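Review bot: Dropping every `whitelist` line in the first hunk (old lines 10-14) turns this from an allow-list profile into a deny-list one: instead of seeing only Downloads, Videos and ~/.config/Meltytech, shotcut can now reach everything under the home directory that the four disable-*.inc files do not hide. zart.profile makes the same switch. `net none` still limits what a compromised process could send out, but the wider file access deserves a comment in the profile, for example `# no whitelist: projects and media may live anywhere under ${HOME}`, if that is the reason. If it is not, keeping the whitelist alongside the new includes, as ricochet.profile does, would preserve the tighter confinement.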
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 1f0b61c75..65ea41e18 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -5,26 +5,15 @@ include /etc/firejail/tor-browser-en.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /boot 8
9blacklist /media 9noblacklist ${HOME}/.tor-browser-en
10blacklist /mnt 10
11blacklist /opt 11include /etc/firejail/disable-common.inc
12blacklist /usr/local/bin 12include /etc/firejail/disable-devel.inc
13blacklist /var 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
14 15
15whitelist ${HOME}/.tor-browser-en 16whitelist ${HOME}/.tor-browser-en
16whitelist /dev/dri
17whitelist /dev/full
18whitelist /dev/null
19whitelist /dev/ptmx
20whitelist /dev/pts
21whitelist /dev/random
22whitelist /dev/shm
23whitelist /dev/snd
24whitelist /dev/tty
25whitelist /dev/urandom
26whitelist /dev/video0
27whitelist /dev/zero
28include /etc/firejail/whitelist-common.inc 17include /etc/firejail/whitelist-common.inc
29 18
30caps.drop all 19caps.drop all
@@ -33,9 +22,6 @@ seccomp
33shell none 22shell none
34 23
35private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr 24private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
36# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
37# https://github.com/netblue30/firejail/issues/955
38private-etc X11,pulse,machine-id
39private-tmp 25private-tmp
40 26
41noexec /tmp 27noexec /tmp
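Review bot: The second hunk deletes `private-etc X11,pulse,machine-id` together with the FIXME that pointed at issue 955 (old lines 36-38), so the browser now sees the host's full /etc instead of three entries, and the reminder that the machine-id still needs spoofing is lost. For a profile whose purpose is anonymity, host-identifying files under /etc are exactly what should stay hidden. I would keep the FIXME comment and either restore the line or, if this tree supports it, use firejail's `machine-id` option to give the sandbox a random id. The first hunk also removes the explicit /dev whitelist, and no `private-dev` is visible in either hunk, so it is worth checking that device access is still restricted in the unchanged lines.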
diff --git a/etc/tor.profile b/etc/tor.profile
index 2e2172cad..73577825a 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -8,6 +8,7 @@ include /etc/firejail/globals.local
8# How to use: 8# How to use:
9# Create a script called anything (e.g. mytor) 9# Create a script called anything (e.g. mytor)
10# with the following contents: 10# with the following contents:
11
11# #!/bin/bash 12# #!/bin/bash
12# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1" 13# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
13# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD 14# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
@@ -15,10 +16,10 @@ include /etc/firejail/globals.local
15# You'll also likely want to disable the system service (if it exists) 16# You'll also likely want to disable the system service (if it exists)
16# Run mytor (or whatever you called the script above) whenever you want to start tor 17# Run mytor (or whatever you called the script above) whenever you want to start tor
17 18
18blacklist /boot 19include /etc/firejail/disable-common.inc
19blacklist /media 20include /etc/firejail/disable-devel.inc
20blacklist /mnt 21include /etc/firejail/disable-passwdmgr.inc
21blacklist /opt 22include /etc/firejail/disable-programs.inc
22 23
23caps.keep setuid,setgid,net_bind_service,dac_read_search 24caps.keep setuid,setgid,net_bind_service,dac_read_search
24ipc-namespace 25ipc-namespace
@@ -29,7 +30,6 @@ nosound
29seccomp 30seccomp
30shell none 31shell none
31writable-var 32writable-var
32x11 none
33 33
34private 34private
35private-bin tor,bash 35private-bin tor,bash
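Review bot: `x11 none` (old line 32) is removed in the last hunk without explanation, although the tor daemon started by the script in the header comment has no use for an X11 display. If the option had to go because it conflicts with something else in the profile, say so in a comment such as `# x11 none disabled: <reason>`; otherwise keep it so the daemon cannot reach the user's X server socket. The first hunk also inserts a blank line (new line 11) in the middle of the how-to comment, separating `with the following contents:` from the script it introduces, which looks accidental. The profile continues past the last visible line.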
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index eb4c58480..aca0d7144 100644
--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -6,13 +6,7 @@ include /etc/firejail/x-terminal-emulator.local
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8 8
9whitelist /tmp/.X11-unix/X470
10whitelist /tmp/fcitx-socket-:0
11whitelist /tmp/user/1000/
12include /etc/firejail/whitelist-common.inc
13
14caps.drop all 9caps.drop all
15env DISPLAY=:470
16ipc-namespace 10ipc-namespace
17net none 11net none
18netfilter 12netfilter
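Review bot: After this hunk removes the whitelist block (old lines 9-12), the visible part of the profile carries no filesystem restriction at all: unlike the other profiles in this commit, no disable-*.inc includes are added in its place. Removing the machine-specific entries (`/tmp/.X11-unix/X470`, `/tmp/user/1000/`, `env DISPLAY=:470`) is right, but the terminal then sees the whole home directory unless something below the hunk restricts it. Consider adding `include /etc/firejail/disable-common.inc` and `include /etc/firejail/disable-passwdmgr.inc` here, as the sibling profiles do. The profile continues outside the hunk, so this may already be handled there.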
diff --git a/etc/zart.profile b/etc/zart.profile
index 654679174..6022e8260 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -5,12 +5,11 @@ include /etc/firejail/zart.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# Contributed by triceratops1 (https://github.com/triceratops1)
9 8
10whitelist ${DOWNLOADS} 9include /etc/firejail/disable-common.inc
11whitelist ${HOME}/Videos 10include /etc/firejail/disable-devel.inc
12whitelist /tmp/.X11-unix 11include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/whitelist-common.inc 12include /etc/firejail/disable-programs.inc
14 13
15caps.drop all 14caps.drop all
16ipc-namespace 15ipc-namespace
@@ -21,7 +20,6 @@ shell none
21 20
22private-bin zart,ffmpeg,melt,ffprobe,ffplay 21private-bin zart,ffmpeg,melt,ffprobe,ffplay
23private-dev 22private-dev
24private-etc fonts,X11
25 23
26noexec ${HOME} 24noexec ${HOME}
27noexec /tmp 25noexec /tmp
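Review bot: `private-etc fonts,X11` (old line 24) is deleted outright here, whereas ricochet.profile and shotcut.profile in this same commit comment the equivalent line out; the two approaches should be made consistent so it is clear whether the restriction is meant to come back. Leaving a comment line such as `# private-etc fonts,X11 (disabled: <reason>)` keeps the intended list for whoever re-enables it. The first hunk also drops the `# Contributed by triceratops1` credit line; if that is deliberate, the commit message should say so.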