diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-10-18 09:15:19 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-10-18 09:15:19 -0400 |
| commit | b4c84b85a03da21179803077616fc77aeb9c8e22 (patch) | |
| tree | cd3282447decd09a065c36c8acb49e932a25aaef /etc | |
| parent | remove links for uninstalled programs (diff) | |
| download | firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.gz firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.zst firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.zip | |
profile updates
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/aweather.profile | 1 | ||||
| -rw-r--r-- | etc/bluefish.profile | 2 | ||||
| -rw-r--r-- | etc/clementine.profile | 5 | ||||
| -rw-r--r-- | etc/deluge.profile | 1 | ||||
| -rw-r--r-- | etc/dillo.profile | 4 | ||||
| -rw-r--r-- | etc/etr.profile | 1 | ||||
| -rw-r--r-- | etc/fbreader.profile | 2 | ||||
| -rw-r--r-- | etc/filezilla.profile | 1 | ||||
| -rw-r--r-- | etc/frozen-bubble.profile | 1 | ||||
| -rw-r--r-- | etc/lxmusic.profile | 2 | ||||
| -rw-r--r-- | etc/mplayer.profile | 2 | ||||
| -rw-r--r-- | etc/mupdf.profile | 2 | ||||
| -rw-r--r-- | etc/openshot.profile | 2 | ||||
| -rw-r--r-- | etc/qpdfview.profile | 2 | ||||
| -rw-r--r-- | etc/smplayer.profile | 2 | ||||
| -rw-r--r-- | etc/smtube.profile | 2 | ||||
| -rw-r--r-- | etc/supertux2.profile | 1 | ||||
| -rw-r--r-- | etc/vim.profile | 2 | ||||
| -rw-r--r-- | etc/warzone2100.profile | 1 | ||||
| -rw-r--r-- | etc/wget.profile | 2 | ||||
| -rw-r--r-- | etc/wireshark.profile | 2 | ||||
| -rw-r--r-- | etc/xpdf.profile | 2 |
22 files changed, 42 insertions, 0 deletions
diff --git a/etc/aweather.profile b/etc/aweather.profile index ef811b330..62cebdbe5 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
| @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
| 15 | mkdir ~/.config/aweather | 15 | mkdir ~/.config/aweather |
| 16 | whitelist ~/.config/aweather | 16 | whitelist ~/.config/aweather |
| 17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
| 18 | include /etc/firejail/whitelist-var-common.inc | ||
| 18 | 19 | ||
| 19 | caps.drop all | 20 | caps.drop all |
| 20 | netfilter | 21 | netfilter |
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index f7e322838..052d03425 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
| @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc | |||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 13 | 13 | ||
| 14 | include /etc/firejail/whitelist-var-common.inc | ||
| 15 | |||
| 14 | caps.drop all | 16 | caps.drop all |
| 15 | net none | 17 | net none |
| 16 | no3d | 18 | no3d |
diff --git a/etc/clementine.profile b/etc/clementine.profile index 1d93e5f2c..619086437 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | caps.drop all | 17 | caps.drop all |
| 16 | nonewprivs | 18 | nonewprivs |
| 17 | noroot | 19 | noroot |
| @@ -20,3 +22,6 @@ novideo | |||
| 20 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
| 21 | # Clementine makes ioprio_set system calls, which are blacklisted by default. | 23 | # Clementine makes ioprio_set system calls, which are blacklisted by default. |
| 22 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 24 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice |
| 25 | |||
| 26 | private-dev | ||
| 27 | private-tmp | ||
diff --git a/etc/deluge.profile b/etc/deluge.profile index e18e39b1a..5ec849331 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
| @@ -16,6 +16,7 @@ mkdir ${HOME}/.config/deluge | |||
| 16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
| 17 | whitelist ${HOME}/.config/deluge | 17 | whitelist ${HOME}/.config/deluge |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
| 19 | include /etc/firejail/whitelist-var-common.inc | ||
| 19 | 20 | ||
| 20 | caps.drop all | 21 | caps.drop all |
| 21 | netfilter | 22 | netfilter |
diff --git a/etc/dillo.profile b/etc/dillo.profile index aa8a395e1..840a568d8 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
| @@ -18,6 +18,7 @@ whitelist ${DOWNLOADS} | |||
| 18 | whitelist ~/.dillo | 18 | whitelist ~/.dillo |
| 19 | whitelist ~/.fltk | 19 | whitelist ~/.fltk |
| 20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
| 21 | include /etc/firejail/whitelist-var-common.inc | ||
| 21 | 22 | ||
| 22 | caps.drop all | 23 | caps.drop all |
| 23 | netfilter | 24 | netfilter |
| @@ -28,3 +29,6 @@ notv | |||
| 28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
| 29 | seccomp | 30 | seccomp |
| 30 | tracelog | 31 | tracelog |
| 32 | |||
| 33 | private-dev | ||
| 34 | private-tmp | ||
diff --git a/etc/etr.profile b/etc/etr.profile index 96e8b46d9..2438793a8 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
| @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
| 14 | mkdir ~/.etr | 14 | mkdir ~/.etr |
| 15 | whitelist ~/.etr | 15 | whitelist ~/.etr |
| 16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
| 17 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | 18 | ||
| 18 | caps.drop all | 19 | caps.drop all |
| 19 | net none | 20 | net none |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 01da2cafe..8e2e5b169 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | caps.drop all | 17 | caps.drop all |
| 16 | netfilter | 18 | netfilter |
| 17 | nodvd | 19 | nodvd |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 544c724bc..0f6cb22f3 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.filezilla | |||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | include /etc/firejail/whitelist-var-common.inc | ||
| 14 | 15 | ||
| 15 | caps.drop all | 16 | caps.drop all |
| 16 | netfilter | 17 | netfilter |
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 40aa6d58d..858917c75 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
| @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
| 14 | mkdir ~/.frozen-bubble | 14 | mkdir ~/.frozen-bubble |
| 15 | whitelist ~/.frozen-bubble | 15 | whitelist ~/.frozen-bubble |
| 16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
| 17 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | 18 | ||
| 18 | caps.drop all | 19 | caps.drop all |
| 19 | net none | 20 | net none |
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 901bdb408..0161ffb63 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
| @@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc | |||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | |||
| 16 | caps.drop all | 18 | caps.drop all |
| 17 | netfilter | 19 | netfilter |
| 18 | no3d | 20 | no3d |
diff --git a/etc/mplayer.profile b/etc/mplayer.profile index b431e4695..58b94c171 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | caps.drop all | 17 | caps.drop all |
| 16 | netfilter | 18 | netfilter |
| 17 | # nogroups | 19 | # nogroups |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 62527c17d..a25cc352f 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
| @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc | |||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 13 | 13 | ||
| 14 | include /etc/firejail/whitelist-var-common.inc | ||
| 15 | |||
| 14 | caps.drop all | 16 | caps.drop all |
| 15 | net none | 17 | net none |
| 16 | nodvd | 18 | nodvd |
diff --git a/etc/openshot.profile b/etc/openshot.profile index 02f4665d6..1463303b0 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
| @@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc | |||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | |||
| 16 | caps.drop all | 18 | caps.drop all |
| 17 | netfilter | 19 | netfilter |
| 18 | nodvd | 20 | nodvd |
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 2d1df0f72..6c264778f 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
| @@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc | |||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | ||
| 18 | |||
| 17 | caps.drop all | 19 | caps.drop all |
| 18 | nodvd | 20 | nodvd |
| 19 | nogroups | 21 | nogroups |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 7563ad730..8c68cda1e 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
| @@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc | |||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 15 | 15 | ||
| 16 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | |||
| 16 | caps.drop all | 18 | caps.drop all |
| 17 | netfilter | 19 | netfilter |
| 18 | # nogroups | 20 | # nogroups |
diff --git a/etc/smtube.profile b/etc/smtube.profile index 2694dd5b0..a8f57f07e 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile | |||
| @@ -17,6 +17,8 @@ include /etc/firejail/disable-devel.inc | |||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 19 | 19 | ||
| 20 | include /etc/firejail/whitelist-var-common.inc | ||
| 21 | |||
| 20 | caps.drop all | 22 | caps.drop all |
| 21 | netfilter | 23 | netfilter |
| 22 | nodvd | 24 | nodvd |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index cd6496a7b..ff55e1c40 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
| @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
| 14 | mkdir ~/.local/share/supertux2 | 14 | mkdir ~/.local/share/supertux2 |
| 15 | whitelist ~/.local/share/supertux2 | 15 | whitelist ~/.local/share/supertux2 |
| 16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
| 17 | include /etc/firejail/whitelist-var-common.inc | ||
| 17 | 18 | ||
| 18 | caps.drop all | 19 | caps.drop all |
| 19 | net none | 20 | net none |
diff --git a/etc/vim.profile b/etc/vim.profile index 97ed06d96..e1d5da9e3 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
| @@ -23,3 +23,5 @@ notv | |||
| 23 | novideo | 23 | novideo |
| 24 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
| 25 | seccomp | 25 | seccomp |
| 26 | |||
| 27 | private-dev | ||
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 976f7db5f..43eacdafc 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
| @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
| 17 | whitelist ~/.warzone2100-3.1 | 17 | whitelist ~/.warzone2100-3.1 |
| 18 | whitelist ~/.warzone2100-3.2 | 18 | whitelist ~/.warzone2100-3.2 |
| 19 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
| 20 | include /etc/firejail/whitelist-var-common.inc | ||
| 20 | 21 | ||
| 21 | caps.drop all | 22 | caps.drop all |
| 22 | netfilter | 23 | netfilter |
diff --git a/etc/wget.profile b/etc/wget.profile index 5072cb9c5..510ef18f3 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
| @@ -14,6 +14,8 @@ include /etc/firejail/disable-common.inc | |||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 16 | 16 | ||
| 17 | include /etc/firejail/whitelist-var-common.inc | ||
| 18 | |||
| 17 | caps.drop all | 19 | caps.drop all |
| 18 | netfilter | 20 | netfilter |
| 19 | no3d | 21 | no3d |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 35e781f67..e283b6149 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | # caps.drop all | 17 | # caps.drop all |
| 16 | caps.keep dac_override,net_admin,net_raw | 18 | caps.keep dac_override,net_admin,net_raw |
| 17 | netfilter | 19 | netfilter |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index f34358521..8caba5cc5 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | caps.drop all | 17 | caps.drop all |
| 16 | net none | 18 | net none |
| 17 | no3d | 19 | no3d |