diff options
author | Matt Parnell <parwok@gmail.com> | 2015-11-15 15:44:29 -0600 |
---|---|---|
committer | Matt Parnell <parwok@gmail.com> | 2015-11-15 15:44:29 -0600 |
commit | e31cad056ab3ee448ed831c9948d17e35a14e47d (patch) | |
tree | a404f825adfad8a88105c869ffd943819d66f6cb /etc | |
parent | whitelist enhancements (diff) | |
download | firejail-e31cad056ab3ee448ed831c9948d17e35a14e47d.tar.gz firejail-e31cad056ab3ee448ed831c9948d17e35a14e47d.tar.zst firejail-e31cad056ab3ee448ed831c9948d17e35a14e47d.zip |
add some other whitelisting for theme and core firefox related functionality on Linux
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firefox.profile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile index 4e69411a0..ffcf6ac59 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -1,5 +1,6 @@ | |||
1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | 1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) |
2 | noblacklist ${HOME}/.mozilla | 2 | noblacklist ${HOME}/.mozilla |
3 | noblacklist /usr/lib/firefox | ||
3 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
4 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
5 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
@@ -9,7 +10,11 @@ seccomp | |||
9 | protocol unix,inet,inet6,netlink | 10 | protocol unix,inet,inet6,netlink |
10 | netfilter | 11 | netfilter |
11 | noroot | 12 | noroot |
13 | whitelist ~/.config/mimeapps.list | ||
14 | whitelist ~/.gtkrc | ||
15 | whitelist ~/.icons | ||
12 | whitelist ~/.mozilla | 16 | whitelist ~/.mozilla |
17 | whitelist ~/.themes | ||
13 | whitelist ~/Downloads | 18 | whitelist ~/Downloads |
14 | whitelist ~/Загрузки | 19 | whitelist ~/Загрузки |
15 | whitelist ~/.cache/mozilla/firefox | 20 | whitelist ~/.cache/mozilla/firefox |
@@ -22,4 +27,4 @@ whitelist ~/.pentadactylrc | |||
22 | whitelist ~/.pentadactyl | 27 | whitelist ~/.pentadactyl |
23 | whitelist ~/.config/gnome-mplayer | 28 | whitelist ~/.config/gnome-mplayer |
24 | whitelist ~/.cache/gnome-mplayer/plugin | 29 | whitelist ~/.cache/gnome-mplayer/plugin |
25 | include /etc/firejail/whitelist-common.inc \ No newline at end of file | 30 | include /etc/firejail/whitelist-common.inc |