Refactoring as whitelist profile (#2773)

* Refactor artha as whitelist profile * Refactor clipit as whitelist profile * Refactor devilspie as whitelist profile * Refactor devilspie2 as whitelist profile * Refactor exfalso as whitelist profile * Refactor pavucontrol as whitelist profile * Refactor pdftotext as whitelist profile * Refactor redshift as whitelist profile * Refactor soundconverter as whitelist profile
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-06-15 03:52:47 +0000
committer: GitHub <noreply@github.com> 2019-06-15 03:52:47 +0000
commit: ce41919d3683440db76045c023b1b3c4741d3e5f (patch)
tree: 4dccfec17f1561335f498b840f4ed37988e6f389 /etc
parent: Remove private-cache in aria2c profile (diff)
download: firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.tar.gz
firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.tar.zst
firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.zip
9 files changed, 45 insertions, 2 deletions
diff --git a/etc/artha.profile b/etc/artha.profile
index 8ef5124de..f4fd0d201 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -16,6 +16,13 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+mkdir ${HOME}/.config/artha.conf
+mkdir ${HOME}/.config/enchant
+whitelist ${HOME}/.config/artha.conf
+whitelist ${HOME}/.config/enchant
+include whitelist-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/clipit.profile b/etc/clipit.profile
index 6e4d3fbaf..44cda0665 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -17,6 +17,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/clipit
+mkdir ${HOME}/.local/share/clipit
+whitelist ${HOME}/.config/clipit
+whitelist ${HOME}/.local/share/clipit
+include whitelist-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index 2d100c4b0..ca617983d 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -16,6 +16,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
+include whitelist-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 9d67ee76e..74b0dc939 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -19,6 +19,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
+include whitelist-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/exfalso.profile b/etc/exfalso.profile
index ff6398b94..b5eda059f 100644
--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -13,6 +13,9 @@ noblacklist ${MUSIC}
 include allow-python2.inc
 include allow-python3.inc
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,6 +24,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.quodlibet
+whitelist ${HOME}/.quodlibet
+include whitelist-common.inc
+include whitelist-var-common.inc
 caps.drop all
 machine-id
 netfilter
diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
index 18b9b7fc6..3fd4f3668 100644
--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/pavucontrol.ini
+whitelist ${HOME}/.config/pavucontrol.ini
+include whitelist-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 85e28372e..87d7a87f1 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/redshift.profile b/etc/redshift.profile
index e60877172..0f6d34ed0 100644
--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -18,6 +18,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index d875146de..efd600eb2 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -6,12 +6,12 @@ include soundconverter.local
 # Persistent global definitions
 include globals.local
-noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -20,6 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+include whitelist-common.inc
 include whitelist-var-common.inc
 apparmor
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-06-15 03:52:47 +0000
committer	GitHub <noreply@github.com>	2019-06-15 03:52:47 +0000
commit	ce41919d3683440db76045c023b1b3c4741d3e5f (patch)
tree	4dccfec17f1561335f498b840f4ed37988e6f389 /etc
parent	Remove private-cache in aria2c profile (diff)
download	firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.tar.gz firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.tar.zst firejail-ce41919d3683440db76045c023b1b3c4741d3e5f.zip

diff --git a/etc/artha.profile b/etc/artha.profile index 8ef5124de..f4fd0d201 100644 --- a/etc/artha.profile +++ b/etc/artha.profile
@@ -16,6 +16,13 @@ include disable-interpreters.inc
16	include disable-passwdmgr.inc	16	include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18		18
		19	mkdir ${HOME}/.config/artha.conf
		20	mkdir ${HOME}/.config/enchant
		21	whitelist ${HOME}/.config/artha.conf
		22	whitelist ${HOME}/.config/enchant
		23	include whitelist-common.inc
		24	include whitelist-var-common.inc
		25
19	apparmor	26	apparmor
20	caps.drop all	27	caps.drop all
21	ipc-namespace	28	ipc-namespace


diff --git a/etc/clipit.profile b/etc/clipit.profile index 6e4d3fbaf..44cda0665 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile
@@ -17,6 +17,13 @@ include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18	include disable-xdg.inc	18	include disable-xdg.inc
19		19
		20	mkdir ${HOME}/.config/clipit
		21	mkdir ${HOME}/.local/share/clipit
		22	whitelist ${HOME}/.config/clipit
		23	whitelist ${HOME}/.local/share/clipit
		24	include whitelist-common.inc
		25	include whitelist-var-common.inc
		26
20	apparmor	27	apparmor
21	caps.drop all	28	caps.drop all
22	ipc-namespace	29	ipc-namespace


diff --git a/etc/devilspie.profile b/etc/devilspie.profile index 2d100c4b0..ca617983d 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile
@@ -16,6 +16,11 @@ include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
17	include disable-xdg.inc	17	include disable-xdg.inc
18		18
		19	mkdir ${HOME}/.devilspie
		20	whitelist ${HOME}/.devilspie
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
19	apparmor	24	apparmor
20	caps.drop all	25	caps.drop all
21	ipc-namespace	26	ipc-namespace


diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 9d67ee76e..74b0dc939 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile
@@ -19,6 +19,11 @@ include disable-passwdmgr.inc
19	include disable-programs.inc	19	include disable-programs.inc
20	include disable-xdg.inc	20	include disable-xdg.inc
21		21
		22	mkdir ${HOME}/.config/devilspie2
		23	whitelist ${HOME}/.config/devilspie2
		24	include whitelist-common.inc
		25	include whitelist-var-common.inc
		26
22	apparmor	27	apparmor
23	caps.drop all	28	caps.drop all
24	ipc-namespace	29	ipc-namespace


diff --git a/etc/exfalso.profile b/etc/exfalso.profile index ff6398b94..b5eda059f 100644 --- a/etc/exfalso.profile +++ b/etc/exfalso.profile
@@ -13,6 +13,9 @@ noblacklist ${MUSIC}
13	include allow-python2.inc	13	include allow-python2.inc
14	include allow-python3.inc	14	include allow-python3.inc
15		15
		16	whitelist ${DOWNLOADS}
		17	whitelist ${MUSIC}
		18
16	include disable-common.inc	19	include disable-common.inc
17	include disable-devel.inc	20	include disable-devel.inc
18	include disable-exec.inc	21	include disable-exec.inc
@@ -21,6 +24,11 @@ include disable-passwdmgr.inc
21	include disable-programs.inc	24	include disable-programs.inc
22	include disable-xdg.inc	25	include disable-xdg.inc
23		26
		27	mkdir ${HOME}/.quodlibet
		28	whitelist ${HOME}/.quodlibet
		29	include whitelist-common.inc
		30	include whitelist-var-common.inc
		31
24	caps.drop all	32	caps.drop all
25	machine-id	33	machine-id
26	netfilter	34	netfilter


diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile index 18b9b7fc6..3fd4f3668 100644 --- a/etc/pavucontrol.profile +++ b/etc/pavucontrol.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
17	include disable-xdg.inc	17	include disable-xdg.inc
18		18
		19	mkdir ${HOME}/.config/pavucontrol.ini
		20	whitelist ${HOME}/.config/pavucontrol.ini
		21	include whitelist-common.inc
19	include whitelist-var-common.inc	22	include whitelist-var-common.inc
20		23
21	apparmor	24	apparmor


diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 85e28372e..87d7a87f1 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
17	include disable-xdg.inc	17	include disable-xdg.inc
18		18
		19	whitelist ${DOCUMENTS}
		20	whitelist ${DOWNLOADS}
19	include whitelist-var-common.inc	21	include whitelist-var-common.inc
20		22
21	caps.drop all	23	caps.drop all


diff --git a/etc/redshift.profile b/etc/redshift.profile index e60877172..0f6d34ed0 100644 --- a/etc/redshift.profile +++ b/etc/redshift.profile
@@ -18,6 +18,9 @@ include disable-interpreters.inc
18	include disable-programs.inc	18	include disable-programs.inc
19	include disable-xdg.inc	19	include disable-xdg.inc
20		20
		21	mkdir ${HOME}/.config/redshift
		22	whitelist ${HOME}/.config/redshift
		23	whitelist ${HOME}/.config/redshift.conf
21	include whitelist-var-common.inc	24	include whitelist-var-common.inc
22		25
23	apparmor	26	apparmor


diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index d875146de..efd600eb2 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile
@@ -6,12 +6,12 @@ include soundconverter.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${MUSIC}
10
11	# Allow python (blacklisted by disable-interpreters.inc)	9	# Allow python (blacklisted by disable-interpreters.inc)
12	include allow-python2.inc	10	include allow-python2.inc
13	include allow-python3.inc	11	include allow-python3.inc
14		12
		13	noblacklist ${MUSIC}
		14
15	include disable-common.inc	15	include disable-common.inc
16	include disable-devel.inc	16	include disable-devel.inc
17	include disable-exec.inc	17	include disable-exec.inc
@@ -20,6 +20,9 @@ include disable-passwdmgr.inc
20	include disable-programs.inc	20	include disable-programs.inc
21	include disable-xdg.inc	21	include disable-xdg.inc
22		22
		23	whitelist ${DOWNLOADS}
		24	whitelist ${MUSIC}
		25	include whitelist-common.inc
23	include whitelist-var-common.inc	26	include whitelist-var-common.inc
24		27
25	apparmor	28	apparmor