4 files changed, 13 insertions, 7 deletions
diff --git a/etc/akregator.profile b/etc/akregator.profile
index 55434e45b..f2e5ea341 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -19,6 +19,8 @@ whitelist ${HOME}/.config/akregatorrc
 whitelist ${HOME}/.local/share/akregator
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
@@ -28,7 +30,7 @@ nonewprivs
 noroot
 notv
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
diff --git a/etc/display.profile b/etc/display.profile
index 44d37d5b2..eca749cec 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 nodvd
@@ -22,9 +24,9 @@ notv
 protocol unix
 seccomp
 shell none
-x11 xorg
+# x11 xorg - problems on kubuntu 17.04
-private-bin display
+# private-bin display - requires python
 private-dev
-private-etc none
+# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
 private-tmp
diff --git a/etc/knotes.profile b/etc/knotes.profile
index a1d303ded..039f1b057 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 nodvd
@@ -25,7 +27,5 @@ seccomp
 shell none
 tracelog
-# private-bin kate
 private-dev
-# private-etc fonts
+#private-tmp - problems on kubuntu 17.04
-private-tmp
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 540a428cc..0c6bf9cde 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 no3d

diff --git a/etc/akregator.profile b/etc/akregator.profile index 55434e45b..f2e5ea341 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile
@@ -19,6 +19,8 @@ whitelist ${HOME}/.config/akregatorrc
19	whitelist ${HOME}/.local/share/akregator	19	whitelist ${HOME}/.local/share/akregator
20	include /etc/firejail/whitelist-common.inc	20	include /etc/firejail/whitelist-common.inc
21		21
		22	include /etc/firejail/whitelist-var-common.inc
		23
22	caps.drop all	24	caps.drop all
23	netfilter	25	netfilter
24	no3d	26	no3d
@@ -28,7 +30,7 @@ nonewprivs
28	noroot	30	noroot
29	notv	31	notv
30	novideo	32	novideo
31	protocol unix,inet,inet6	33	protocol unix,inet,inet6,netlink
32	seccomp	34	seccomp
33	shell none	35	shell none
34		36


diff --git a/etc/display.profile b/etc/display.profile index 44d37d5b2..eca749cec 100644 --- a/etc/display.profile +++ b/etc/display.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	12	include /etc/firejail/disable-programs.inc
13		13
		14	include /etc/firejail/whitelist-var-common.inc
		15
14	caps.drop all	16	caps.drop all
15	net none	17	net none
16	nodvd	18	nodvd
@@ -22,9 +24,9 @@ notv
22	protocol unix	24	protocol unix
23	seccomp	25	seccomp
24	shell none	26	shell none
25	x11 xorg	27	# x11 xorg - problems on kubuntu 17.04
26		28
27	private-bin display	29	# private-bin display - requires python
28	private-dev	30	private-dev
29	private-etc none	31	# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
30	private-tmp	32	private-tmp


diff --git a/etc/knotes.profile b/etc/knotes.profile index a1d303ded..039f1b057 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-common.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	netfilter	18	netfilter
17	nodvd	19	nodvd
@@ -25,7 +27,5 @@ seccomp
25	shell none	27	shell none
26	tracelog	28	tracelog
27		29
28	# private-bin kate
29	private-dev	30	private-dev
30	# private-etc fonts	31	#private-tmp - problems on kubuntu 17.04
31	private-tmp


diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 540a428cc..0c6bf9cde 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	net none	18	net none
17	no3d	19	no3d