aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar SpotComms <SpotComms@users.noreply.github.com>2017-09-18 19:24:37 -0400
committerLibravatar GitHub <noreply@github.com>2017-09-18 19:24:37 -0400
commite38b65ceb2c283230086bdca5c140dc4b9f3294b (patch)
treecda4674453d448ec26201c04d5ed374812a1b653 /etc
parentAdd a profile for xmr-stak-cpu (diff)
parentUpdate firecfg (diff)
downloadfirejail-e38b65ceb2c283230086bdca5c140dc4b9f3294b.tar.gz
firejail-e38b65ceb2c283230086bdca5c140dc4b9f3294b.tar.zst
firejail-e38b65ceb2c283230086bdca5c140dc4b9f3294b.zip
Merge pull request #1555 from SpotComms/upstream
Upstream many profiles from various sources
Diffstat (limited to 'etc')
-rw-r--r--etc/Natron.profile6
-rw-r--r--etc/Viber.profile38
-rw-r--r--etc/akregator.profile7
-rw-r--r--etc/amule.profile40
-rw-r--r--etc/ardour4.profile6
-rw-r--r--etc/ardour5.profile37
-rw-r--r--etc/brackets.profile29
-rw-r--r--etc/calligra.profile29
-rw-r--r--etc/calligraauthor.profile6
-rw-r--r--etc/calligraconverter.profile6
-rw-r--r--etc/calligraflow.profile6
-rw-r--r--etc/calligraplan.profile6
-rw-r--r--etc/calligraplanwork.profile6
-rw-r--r--etc/calligrasheets.profile6
-rw-r--r--etc/calligrastage.profile6
-rw-r--r--etc/calligrawords.profile6
-rw-r--r--etc/cin.profile31
-rw-r--r--etc/darktable.profile1
-rw-r--r--etc/dia.profile1
-rw-r--r--etc/disable-programs.inc7
-rw-r--r--etc/dooble-qt4.profile6
-rw-r--r--etc/dooble.profile39
-rw-r--r--etc/fetchmail.profile29
-rw-r--r--etc/freecad.profile35
-rw-r--r--etc/freecadcmd.profile6
-rw-r--r--etc/google-earth.profile48
-rw-r--r--etc/hugin.profile1
-rw-r--r--etc/imagej.profile35
-rw-r--r--etc/inkscape.profile1
-rw-r--r--etc/karbon.profile6
-rw-r--r--etc/kdenlive.profile30
-rw-r--r--etc/krita.profile32
-rw-r--r--etc/linphone.profile41
-rw-r--r--etc/lmms.profile34
-rw-r--r--etc/luminance-hdr.profile1
-rw-r--r--etc/macrofusion.profile35
-rw-r--r--etc/mpd.profile33
-rw-r--r--etc/natron.profile33
-rw-r--r--etc/pidgin.profile3
-rw-r--r--etc/ricochet.profile40
-rw-r--r--etc/scribus.profile1
-rw-r--r--etc/shotcut.profile31
-rw-r--r--etc/skype.profile1
-rw-r--r--etc/synfigstudio.profile1
-rw-r--r--etc/teamspeak3.profile39
-rw-r--r--etc/tor-browser-en.profile6
-rw-r--r--etc/tor.profile47
-rw-r--r--etc/torbrowser-launcher.profile11
-rw-r--r--etc/x-terminal-emulator.profile20
-rw-r--r--etc/zart.profile30
50 files changed, 951 insertions, 4 deletions
diff --git a/etc/Natron.profile b/etc/Natron.profile
new file mode 100644
index 000000000..b21790fe4
--- /dev/null
+++ b/etc/Natron.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for natron
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/natron.profile
diff --git a/etc/Viber.profile b/etc/Viber.profile
new file mode 100644
index 000000000..03e5f1086
--- /dev/null
+++ b/etc/Viber.profile
@@ -0,0 +1,38 @@
1# Firejail profile for Viber
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/Viber.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.ViberPC
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.ViberPC
18include /etc/firejail/whitelist-common.inc
19
20caps.drop all
21ipc-namespace
22netfilter
23nodvd
24nogroups
25nonewprivs
26noroot
27notv
28protocol unix,inet,inet6
29seccomp
30shell none
31
32disable-mnt
33private-bin sh,bash,dash,dig,awk,Viber
34private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf
35private-tmp
36
37noexec ${HOME}
38noexec /tmp
diff --git a/etc/akregator.profile b/etc/akregator.profile
index 12bb06fb5..55434e45b 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -13,6 +13,12 @@ include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include /etc/firejail/disable-programs.inc
15 15
16mkfile ${HOME}/.config/akregatorrc
17mkdir ${HOME}/.local/share/akregator
18whitelist ${HOME}/.config/akregatorrc
19whitelist ${HOME}/.local/share/akregator
20include /etc/firejail/whitelist-common.inc
21
16caps.drop all 22caps.drop all
17netfilter 23netfilter
18no3d 24no3d
@@ -27,6 +33,7 @@ seccomp
27shell none 33shell none
28 34
29disable-mnt 35disable-mnt
36private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
30private-dev 37private-dev
31private-tmp 38private-tmp
32 39
diff --git a/etc/amule.profile b/etc/amule.profile
new file mode 100644
index 000000000..98ec52015
--- /dev/null
+++ b/etc/amule.profile
@@ -0,0 +1,40 @@
1# Firejail profile for amule
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/amule.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.aMule
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.aMule
18include /etc/firejail/whitelist-common.inc
19
20caps.drop all
21ipc-namespace
22netfilter
23no3d
24nodvd
25nogroups
26nonewprivs
27noroot
28nosound
29notv
30novideo
31protocol unix,inet,inet6
32seccomp
33shell none
34
35private-bin amule
36private-dev
37private-tmp
38
39noexec ${HOME}
40noexec /tmp
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
new file mode 100644
index 000000000..7d1163174
--- /dev/null
+++ b/etc/ardour4.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for ardour5
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/ardour5.profile
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
new file mode 100644
index 000000000..69b3dde46
--- /dev/null
+++ b/etc/ardour5.profile
@@ -0,0 +1,37 @@
1# Firejail profile for ardour5
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/ardour5.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.config/ardour4
10noblacklist ${HOME}/.config/ardour5
11noblacklist ${HOME}/.lv2
12noblacklist ${HOME}/.vst
13
14include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc
16include /etc/firejail/disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc
18
19caps.drop all
20ipc-namespace
21net none
22nodvd
23nogroups
24nonewprivs
25noroot
26notv
27protocol unix
28seccomp
29shell none
30
31#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
32private-dev
33#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
34private-tmp
35
36noexec ${HOME}
37noexec /tmp
diff --git a/etc/brackets.profile b/etc/brackets.profile
new file mode 100644
index 000000000..0a8c592a7
--- /dev/null
+++ b/etc/brackets.profile
@@ -0,0 +1,29 @@
1# Firejail profile for brackets
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/brackets.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.config/Brackets
9noblacklist /opt/brackets/
10noblacklist /opt/google/
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17netfilter
18nodvd
19nogroups
20nonewprivs
21noroot
22nosound
23notv
24novideo
25protocol unix,inet,inet6
26seccomp
27shell none
28
29private-dev
diff --git a/etc/calligra.profile b/etc/calligra.profile
new file mode 100644
index 000000000..e90c8efe8
--- /dev/null
+++ b/etc/calligra.profile
@@ -0,0 +1,29 @@
1# Firejail profile for calligra
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/calligra.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8include /etc/firejail/disable-common.inc
9include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11include /etc/firejail/disable-programs.inc
12
13caps.drop all
14ipc-namespace
15nodvd
16nogroups
17nonewprivs
18noroot
19notv
20novideo
21protocol unix
22seccomp
23shell none
24
25private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
26private-dev
27
28noexec ${HOME}
29noexec /tmp
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligraauthor.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligraconverter.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligraflow.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligraplan.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligraplanwork.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligrasheets.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligrastage.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
new file mode 100644
index 000000000..629ab46c1
--- /dev/null
+++ b/etc/calligrawords.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for calligra
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/calligra.profile
diff --git a/etc/cin.profile b/etc/cin.profile
new file mode 100644
index 000000000..eeeda476f
--- /dev/null
+++ b/etc/cin.profile
@@ -0,0 +1,31 @@
1# Firejail profile for cin
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/cin.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.bcast5
9
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc
14
15caps.drop all
16ipc-namespace
17net none
18nodvd
19nogroups
20nonewprivs
21notv
22noroot
23protocol unix
24seccomp
25shell none
26
27#private-bin cin
28private-dev
29
30noexec ${HOME}
31noexec /tmp
diff --git a/etc/darktable.profile b/etc/darktable.profile
index e04163486..c2dc0b42c 100644
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -26,6 +26,7 @@ protocol unix,inet,inet6
26seccomp 26seccomp
27shell none 27shell none
28 28
29#private-bin darktable
29private-dev 30private-dev
30private-tmp 31private-tmp
31 32
diff --git a/etc/dia.profile b/etc/dia.profile
index a625ab36d..abe83ac8c 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -27,6 +27,7 @@ seccomp
27shell none 27shell none
28 28
29disable-mnt 29disable-mnt
30#private-bin dia
30private-dev 31private-dev
31private-tmp 32private-tmp
32 33
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 3007a51b3..88b7e7d32 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -17,8 +17,10 @@ blacklist ${HOME}/.Steam
17blacklist ${HOME}/.Steampath 17blacklist ${HOME}/.Steampath
18blacklist ${HOME}/.Steampid 18blacklist ${HOME}/.Steampid
19blacklist ${HOME}/.TelegramDesktop 19blacklist ${HOME}/.TelegramDesktop
20blacklist ${HOME}/.ViberPC
20blacklist ${HOME}/.VirtualBox 21blacklist ${HOME}/.VirtualBox
21blacklist ${HOME}/.Wolfram Research 22blacklist ${HOME}/.Wolfram Research
23blacklist ${HOME}/.aMule
22blacklist ${HOME}/.android 24blacklist ${HOME}/.android
23blacklist ${HOME}/.arduino15 25blacklist ${HOME}/.arduino15
24blacklist ${HOME}/.atom 26blacklist ${HOME}/.atom
@@ -35,6 +37,7 @@ blacklist ${HOME}/.config/Brackets
35blacklist ${HOME}/.config/Clementine 37blacklist ${HOME}/.config/Clementine
36blacklist ${HOME}/.config/Cryptocat 38blacklist ${HOME}/.config/Cryptocat
37blacklist ${HOME}/.config/Franz 39blacklist ${HOME}/.config/Franz
40blacklist ${HOME}/.config/FreeCAD
38blacklist ${HOME}/.config/Gitter 41blacklist ${HOME}/.config/Gitter
39blacklist ${HOME}/.config/Google 42blacklist ${HOME}/.config/Google
40blacklist ${HOME}/.config/Gpredict 43blacklist ${HOME}/.config/Gpredict
@@ -124,6 +127,7 @@ blacklist ${HOME}/.config/lximage-qt
124blacklist ${HOME}/.config/mate-calc 127blacklist ${HOME}/.config/mate-calc
125blacklist ${HOME}/.config/mate/eom 128blacklist ${HOME}/.config/mate/eom
126blacklist ${HOME}/.config/mate/mate-dictionary 129blacklist ${HOME}/.config/mate/mate-dictionary
130blacklist ${HOME}/.config/mfusion
127blacklist ${HOME}/.config/midori 131blacklist ${HOME}/.config/midori
128blacklist ${HOME}/.config/mpv 132blacklist ${HOME}/.config/mpv
129blacklist ${HOME}/.config/mupen64plus 133blacklist ${HOME}/.config/mupen64plus
@@ -188,6 +192,7 @@ blacklist ${HOME}/.conkeror.mozdev.org
188blacklist ${HOME}/.curlrc 192blacklist ${HOME}/.curlrc
189blacklist ${HOME}/.dia 193blacklist ${HOME}/.dia
190blacklist ${HOME}/.dillo 194blacklist ${HOME}/.dillo
195blacklist ${HOME}/.dooble
191blacklist ${HOME}/.dosbox 196blacklist ${HOME}/.dosbox
192blacklist ${HOME}/.dropbox-dist 197blacklist ${HOME}/.dropbox-dist
193blacklist ${HOME}/.electrum* 198blacklist ${HOME}/.electrum*
@@ -212,6 +217,7 @@ blacklist ${HOME}/.guayadeque
212blacklist ${HOME}/.hedgewars 217blacklist ${HOME}/.hedgewars
213blacklist ${HOME}/.hugin 218blacklist ${HOME}/.hugin
214blacklist ${HOME}/.icedove 219blacklist ${HOME}/.icedove
220blacklist ${HOME}/.imagej
215blacklist ${HOME}/.inkscape 221blacklist ${HOME}/.inkscape
216blacklist ${HOME}/.java 222blacklist ${HOME}/.java
217blacklist ${HOME}/.jitsi 223blacklist ${HOME}/.jitsi
@@ -410,6 +416,7 @@ blacklist ${HOME}/.cache/google-chrome
410blacklist ${HOME}/.cache/google-chrome-beta 416blacklist ${HOME}/.cache/google-chrome-beta
411blacklist ${HOME}/.cache/google-chrome-unstable 417blacklist ${HOME}/.cache/google-chrome-unstable
412blacklist ${HOME}/.cache/icedove 418blacklist ${HOME}/.cache/icedove
419blacklist ${HOME}/.cache/INRIA/Natron
413blacklist ${HOME}/.cache/inox 420blacklist ${HOME}/.cache/inox
414blacklist ${HOME}/.cache/libgweather 421blacklist ${HOME}/.cache/libgweather
415blacklist ${HOME}/.cache/midori 422blacklist ${HOME}/.cache/midori
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
new file mode 100644
index 000000000..4e1227a0f
--- /dev/null
+++ b/etc/dooble-qt4.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for dooble
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/dooble.profile
diff --git a/etc/dooble.profile b/etc/dooble.profile
new file mode 100644
index 000000000..2a57b0ef3
--- /dev/null
+++ b/etc/dooble.profile
@@ -0,0 +1,39 @@
1# Firejail profile for dooble
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/dooble-qt4.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.dooble
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16mkdir ${HOME}/.dooble
17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.dooble
19include /etc/firejail/whitelist-common.inc
20
21caps.drop all
22netfilter
23nodvd
24nogroups
25nonewprivs
26noroot
27notv
28novideo
29protocol unix,inet,inet6,netlink
30seccomp
31shell none
32tracelog
33
34disable-mnt
35private-dev
36private-tmp
37
38noexec ${HOME}
39noexec /tmp
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
new file mode 100644
index 000000000..3fd7f3d75
--- /dev/null
+++ b/etc/fetchmail.profile
@@ -0,0 +1,29 @@
1# Firejail profile for fetchmail
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/fetchmail.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15netfilter
16no3d
17nodvd
18nogroups
19nonewprivs
20noroot
21nosound
22notv
23novideo
24protocol unix,inet,inet6
25seccomp
26shell none
27
28#private-bin fetchmail,procmail,bash,chmod
29private-dev
diff --git a/etc/freecad.profile b/etc/freecad.profile
new file mode 100644
index 000000000..4fde66839
--- /dev/null
+++ b/etc/freecad.profile
@@ -0,0 +1,35 @@
1# Firejail profile for freecad
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/freecad.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.config/FreeCAD
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17ipc-namespace
18net none
19nodvd
20nogroups
21nonewprivs
22noroot
23nosound
24notv
25novideo
26protocol unix
27seccomp
28shell none
29
30private-bin freecad,freecadcmd
31private-dev
32private-tmp
33
34noexec ${HOME}
35noexec /tmp
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
new file mode 100644
index 000000000..f8bbff593
--- /dev/null
+++ b/etc/freecadcmd.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for freecad
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/freecad.profile
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
new file mode 100644
index 000000000..b60f5b3a5
--- /dev/null
+++ b/etc/google-earth.profile
@@ -0,0 +1,48 @@
1# Firejail profile for google-earth
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/google-earth.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.config/Google
9noblacklist ${HOME}/.googleearth/Cache/
10noblacklist ${HOME}/.googleearth/Temp/
11noblacklist ${HOME}/.googleearth/myplaces.backup.kml
12noblacklist ${HOME}/.googleearth/myplaces.kml
13
14include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc
16include /etc/firejail/disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc
18
19mkdir ${HOME}/.config/Google
20mkdir ${HOME}/.googleearth/Cache/
21mkdir ${HOME}/.googleearth/Temp/
22mkfile ${HOME}/.googleearth/myplaces.backup.kml
23mkfile ${HOME}/.googleearth/myplaces.kml
24whitelist ${HOME}/.config/Google
25whitelist ${HOME}/.googleearth/Cache/
26whitelist ${HOME}/.googleearth/Temp/
27whitelist ${HOME}/.googleearth/myplaces.backup.kml
28whitelist ${HOME}/.googleearth/myplaces.kml
29include /etc/firejail/whitelist-common.inc
30
31caps.drop all
32ipc-namespace
33netfilter
34nodvd
35nogroups
36nonewprivs
37noroot
38notv
39novideo
40protocol unix,inet,inet6
41seccomp
42shell none
43
44private-bin google-earth,sh,bash,dash,grep,sed,ls,dirname
45private-dev
46
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/hugin.profile b/etc/hugin.profile
index d3cd181b1..ff88e0d5c 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -25,6 +25,7 @@ protocol unix
25seccomp 25seccomp
26shell none 26shell none
27 27
28private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
28private-dev 29private-dev
29private-tmp 30private-tmp
30 31
diff --git a/etc/imagej.profile b/etc/imagej.profile
new file mode 100644
index 000000000..88a56c706
--- /dev/null
+++ b/etc/imagej.profile
@@ -0,0 +1,35 @@
1# Firejail profile for imagej
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/imagej.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.imagej
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17ipc-namespace
18net none
19nodvd
20nogroups
21nonewprivs
22noroot
23nosound
24notv
25novideo
26protocol unix
27seccomp
28shell none
29
30private-bin imagej,bash,grep,sort,tail,tr,cut,whoami,hostname,uname,mkdir,ls,touch,free,awk,update-java-alternatives,basename,xprop,rm,ln
31private-dev
32private-tmp
33
34noexec ${HOME}
35noexec /tmp
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 3266d8230..c062ab8ef 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -27,6 +27,7 @@ protocol unix
27seccomp 27seccomp
28shell none 28shell none
29 29
30#private-bin inkscape
30private-dev 31private-dev
31private-tmp 32private-tmp
32 33
diff --git a/etc/karbon.profile b/etc/karbon.profile
new file mode 100644
index 000000000..3525a3e06
--- /dev/null
+++ b/etc/karbon.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for krita
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/krita.profile
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
new file mode 100644
index 000000000..a1a5f957c
--- /dev/null
+++ b/etc/kdenlive.profile
@@ -0,0 +1,30 @@
1# Firejail profile for kdenlive
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/kdenlive.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15net none
16nodvd
17nogroups
18nonewprivs
19noroot
20notv
21protocol unix,inet,inet6
22seccomp
23shell none
24
25private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
26private-dev
27#private-etc fonts,alternatives,X11,pulse,passwd
28
29noexec ${HOME}
30noexec /tmp
diff --git a/etc/krita.profile b/etc/krita.profile
new file mode 100644
index 000000000..e91f5b242
--- /dev/null
+++ b/etc/krita.profile
@@ -0,0 +1,32 @@
1# Firejail profile for krita
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/krita.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15ipc-namespace
16net none
17nodvd
18nogroups
19nonewprivs
20noroot
21nosound
22notv
23novideo
24protocol unix
25seccomp
26shell none
27
28private-dev
29private-tmp
30
31noexec ${HOME}
32noexec /tmp
diff --git a/etc/linphone.profile b/etc/linphone.profile
new file mode 100644
index 000000000..41f9245a2
--- /dev/null
+++ b/etc/linphone.profile
@@ -0,0 +1,41 @@
1# Firejail profile for linphone
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/linphone.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.linphone-history.db
9noblacklist ${HOME}/.linphonerc
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16mkfile ${HOME}/.linphone-history.db
17mkfile ${HOME}/.linphonerc
18whitelist ${HOME}/.linphone-history.db
19whitelist ${HOME}/.linphonerc
20whitelist ${HOME}/Downloads
21include /etc/firejail/whitelist-common.inc
22
23caps.drop all
24netfilter
25no3d
26nodvd
27nogroups
28nonewprivs
29noroot
30notv
31novideo
32protocol unix,inet,inet6
33seccomp
34shell none
35
36disable-mnt
37private-dev
38private-tmp
39
40noexec ${HOME}
41noexec /tmp
diff --git a/etc/lmms.profile b/etc/lmms.profile
new file mode 100644
index 000000000..29ed235c6
--- /dev/null
+++ b/etc/lmms.profile
@@ -0,0 +1,34 @@
1# Firejail profile for lmms
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/lmms.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.lmmsrc.xml
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17ipc-namespace
18net none
19no3d
20nodvd
21nogroups
22nonewprivs
23noroot
24notv
25novideo
26protocol unix
27seccomp
28shell none
29
30private-dev
31private-tmp
32
33noexec ${HOME}
34noexec /tmp
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index bd32e0c70..ec2a65290 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -26,6 +26,7 @@ seccomp
26shell none 26shell none
27tracelog 27tracelog
28 28
29#private-bin luminance-hdr,luminance-hdr-cli,align_image_stack
29private-dev 30private-dev
30private-tmp 31private-tmp
31 32
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
new file mode 100644
index 000000000..be66cf6ee
--- /dev/null
+++ b/etc/macrofusion.profile
@@ -0,0 +1,35 @@
1# Firejail profile for macrofusion
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/macrofusion.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.config/mfusion
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17ipc-namespace
18net none
19nodvd
20nogroups
21nonewprivs
22noroot
23nosound
24notv
25novideo
26protocol unix
27seccomp
28shell none
29
30#private-bin python3,macrofusion,env,enfuse,exiftool,align_image_stack
31private-dev
32private-tmp
33
34noexec ${HOME}
35noexec /tmp
diff --git a/etc/mpd.profile b/etc/mpd.profile
new file mode 100644
index 000000000..7bfa47d77
--- /dev/null
+++ b/etc/mpd.profile
@@ -0,0 +1,33 @@
1# Firejail profile for mpd
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/mpd.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.mpdconf
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17netfilter
18no3d
19nodvd
20nonewprivs
21noroot
22notv
23novideo
24protocol unix,inet,inet6
25seccomp
26shell none
27
28#private-bin mpd,bash
29private-dev
30private-tmp
31
32noexec ${HOME}
33noexec /tmp
diff --git a/etc/natron.profile b/etc/natron.profile
new file mode 100644
index 000000000..d77539d83
--- /dev/null
+++ b/etc/natron.profile
@@ -0,0 +1,33 @@
1# Firejail profile for natron
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/natron.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.Natron
10noblacklist ${HOME}/.cache/INRIA/Natron
11noblacklist ${HOME}/.config/INRIA
12noblacklist /opt/natron
13
14include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc
16include /etc/firejail/disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc
18
19caps.drop all
20netfilter
21nodvd
22nogroups
23nonewprivs
24noroot
25notv
26protocol unix,inet,inet6
27seccomp
28shell none
29
30private-bin natron,Natron,NatronRenderer
31
32noexec ${HOME}
33noexec /tmp
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index dd610920a..d195cf586 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -27,3 +27,6 @@ tracelog
27private-bin pidgin 27private-bin pidgin
28private-dev 28private-dev
29private-tmp 29private-tmp
30
31noexec ${HOME}
32noexec /tmp
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
new file mode 100644
index 000000000..6da0e21d5
--- /dev/null
+++ b/etc/ricochet.profile
@@ -0,0 +1,40 @@
1# Firejail profile for ricochet
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/ricochet.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.local/share/Ricochet
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.local/share/Ricochet
18include /etc/firejail/whitelist-common.inc
19
20caps.drop all
21ipc-namespace
22netfilter
23no3d
24nodvd
25nogroups
26nonewprivs
27noroot
28notv
29novideo
30protocol unix,inet,inet6
31seccomp
32shell none
33
34disable-mnt
35private-bin ricochet,tor
36private-dev
37#private-etc fonts,tor,X11,alternatives
38
39noexec ${HOME}
40noexec /tmp
diff --git a/etc/scribus.profile b/etc/scribus.profile
index e4c88be49..dd06fa59f 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -38,5 +38,6 @@ protocol unix
38seccomp 38seccomp
39tracelog 39tracelog
40 40
41#private-bin scribus,gs
41private-dev 42private-dev
42# private-tmp 43# private-tmp
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
new file mode 100644
index 000000000..e30bc1f46
--- /dev/null
+++ b/etc/shotcut.profile
@@ -0,0 +1,31 @@
1# Firejail profile for shotcut
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/shotcut.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9noblacklist ${HOME}/.config/Meltytech
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17net none
18nodvd
19nogroups
20nonewprivs
21noroot
22notv
23protocol unix
24seccomp
25shell none
26
27#private-bin shotcut,melt,qmelt,nice
28private-dev
29
30noexec ${HOME}
31noexec /tmp
diff --git a/etc/skype.profile b/etc/skype.profile
index f3e504a3f..b12f9879e 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -24,6 +24,7 @@ seccomp
24shell none 24shell none
25 25
26disable-mnt 26disable-mnt
27#private-bin skype,bash
27private-dev 28private-dev
28private-tmp 29private-tmp
29 30
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 08ece1e9b..b0014ace6 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -26,6 +26,7 @@ protocol unix
26seccomp 26seccomp
27shell none 27shell none
28 28
29#private-bin synfigstudio
29private-dev 30private-dev
30private-tmp 31private-tmp
31 32
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile
new file mode 100644
index 000000000..86f96ba50
--- /dev/null
+++ b/etc/teamspeak3.profile
@@ -0,0 +1,39 @@
1# Firejail profile for teamspeak3
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/teamspeak3.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.ts3client
9
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc
14
15mkdir ${HOME}/.ts3client
16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.ts3client
18include /etc/firejail/whitelist-common.inc
19
20caps.drop all
21ipc-namespace
22netfilter
23no3d
24nodvd
25nogroups
26nonewprivs
27noroot
28notv
29novideo
30protocol unix,inet,inet6
31seccomp
32shell none
33
34disable-mnt
35private-dev
36private-tmp
37
38noexec ${HOME}
39noexec /tmp
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
new file mode 100644
index 000000000..bf3a80139
--- /dev/null
+++ b/etc/tor-browser-en.profile
@@ -0,0 +1,6 @@
1# Firejail profile alias for torbrowser-launcher
2# This file is overwritten after every install/update
3
4
5# Redirect
6include /etc/firejail/torbrowser-launcher.profile
diff --git a/etc/tor.profile b/etc/tor.profile
new file mode 100644
index 000000000..fcb123eef
--- /dev/null
+++ b/etc/tor.profile
@@ -0,0 +1,47 @@
1# Firejail profile for tor
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/tor.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8# How to use:
9# Create a script called anything (e.g. mytor)
10# with the following contents:
11
12# #!/bin/bash
13# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
14# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
15
16# You'll also likely want to disable the system service (if it exists)
17# Run mytor (or whatever you called the script above) whenever you want to start tor
18
19include /etc/firejail/disable-common.inc
20include /etc/firejail/disable-devel.inc
21include /etc/firejail/disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc
23
24caps.keep setuid,setgid,net_bind_service,dac_read_search
25ipc-namespace
26netfilter
27no3d
28nodvd
29nogroups
30nonewprivs
31nosound
32notv
33novideo
34protocol unix,inet,inet6
35seccomp
36shell none
37writable-var
38
39disable-mnt
40private
41private-bin tor,bash
42private-dev
43private-etc tor,passwd
44private-tmp
45
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 763c2d051..3b6b65bec 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -5,17 +5,20 @@ include /etc/firejail/torbrowser-launcher.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8 8noblacklist ~/.tor-browser-en
9noblacklist ~/.config/torbrowser 9noblacklist ~/.config/torbrowser
10whitelist ~/.config/torbrowser
11noblacklist ~/.local/share/torbrowser 10noblacklist ~/.local/share/torbrowser
12whitelist ~/.local/share/torbrowser
13 11
14include /etc/firejail/disable-common.inc 12include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc 13include /etc/firejail/disable-devel.inc
16include /etc/firejail/disable-passwdmgr.inc 14include /etc/firejail/disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 15include /etc/firejail/disable-programs.inc
18 16
17whitelist ~/.tor-browser-en
18whitelist ~/.config/torbrowser
19whitelist ~/.local/share/torbrowser
20include /etc/firejail/whitelist-common.inc
21
19caps.drop all 22caps.drop all
20netfilter 23netfilter
21nodvd 24nodvd
@@ -29,7 +32,7 @@ seccomp
29shell none 32shell none
30tracelog 33tracelog
31 34
32private-bin torbrowser-launcher,python2.7,python,bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf 35private-bin bash,cp,dash,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python,python2.7,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
33private-dev 36private-dev
34private-etc fonts 37private-etc fonts
35private-tmp 38private-tmp
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
new file mode 100644
index 000000000..1395b81c9
--- /dev/null
+++ b/etc/x-terminal-emulator.profile
@@ -0,0 +1,20 @@
1# Firejail profile for x-terminal-emulator
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/x-terminal-emulator.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9caps.drop all
10ipc-namespace
11net none
12netfilter
13nogroups
14noroot
15protocol unix
16seccomp
17
18private-dev
19
20noexec /tmp
diff --git a/etc/zart.profile b/etc/zart.profile
new file mode 100644
index 000000000..6e136d0c9
--- /dev/null
+++ b/etc/zart.profile
@@ -0,0 +1,30 @@
1# Firejail profile for zart
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/zart.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15ipc-namespace
16net none
17nodvd
18nogroups
19nonewprivs
20noroot
21notv
22protocol unix
23seccomp
24shell none
25
26private-bin zart,ffmpeg,melt,ffprobe,ffplay
27private-dev
28
29noexec ${HOME}
30noexec /tmp
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 09:59:47 +0000