diff options
-rw-r--r-- | etc/checkbashisms.profile | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/itch.profile | 3 | ||||
-rw-r--r-- | etc/pluma.profile | 3 | ||||
-rw-r--r-- | etc/tor-browser.profile | 10 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 20 insertions, 3 deletions
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index fe3202cea..7b2d344e5 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile | |||
@@ -44,7 +44,7 @@ x11 none | |||
44 | 44 | ||
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-lib perl* | 47 | private-lib libfreebl3.so,perl* |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a1f78e3fe..c0bf1f8d4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -369,6 +369,7 @@ blacklist ${HOME}/.hugin | |||
369 | blacklist ${HOME}/.icedove | 369 | blacklist ${HOME}/.icedove |
370 | blacklist ${HOME}/.imagej | 370 | blacklist ${HOME}/.imagej |
371 | blacklist ${HOME}/.inkscape | 371 | blacklist ${HOME}/.inkscape |
372 | blacklist ${HOME}/.itch | ||
372 | blacklist ${HOME}/.jack-server | 373 | blacklist ${HOME}/.jack-server |
373 | blacklist ${HOME}/.jack-settings | 374 | blacklist ${HOME}/.jack-settings |
374 | blacklist ${HOME}/.jak | 375 | blacklist ${HOME}/.jak |
@@ -628,6 +629,7 @@ blacklist ${HOME}/.teeworlds | |||
628 | blacklist ${HOME}/.thunderbird | 629 | blacklist ${HOME}/.thunderbird |
629 | blacklist ${HOME}/.tilp | 630 | blacklist ${HOME}/.tilp |
630 | blacklist ${HOME}/.tooling | 631 | blacklist ${HOME}/.tooling |
632 | blacklist ${HOME}/.tor-browser | ||
631 | blacklist ${HOME}/.tor-browser-* | 633 | blacklist ${HOME}/.tor-browser-* |
632 | blacklist ${HOME}/.tor-browser_* | 634 | blacklist ${HOME}/.tor-browser_* |
633 | blacklist ${HOME}/.torcs | 635 | blacklist ${HOME}/.torcs |
diff --git a/etc/itch.profile b/etc/itch.profile index c0b4fe6ce..b3c78c810 100644 --- a/etc/itch.profile +++ b/etc/itch.profile | |||
@@ -8,6 +8,7 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | noblacklist ${HOME}/.itch | ||
11 | noblacklist ${HOME}/.config/itch | 12 | noblacklist ${HOME}/.config/itch |
12 | 13 | ||
13 | include disable-common.inc | 14 | include disable-common.inc |
@@ -16,7 +17,9 @@ include disable-interpreters.inc | |||
16 | include disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 18 | include disable-programs.inc |
18 | 19 | ||
20 | mkdir ${HOME}/.itch | ||
19 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | whitelist ${HOME}/.itch | ||
20 | whitelist ${HOME}/.config/itch | 23 | whitelist ${HOME}/.config/itch |
21 | include whitelist-common.inc | 24 | include whitelist-common.inc |
22 | 25 | ||
diff --git a/etc/pluma.profile b/etc/pluma.profile index 81b2b1481..1e0512fd8 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -6,6 +6,7 @@ include pluma.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | ||
9 | noblacklist ${HOME}/.config/pluma | 10 | noblacklist ${HOME}/.config/pluma |
10 | noblacklist ${HOME}/.python-history | 11 | noblacklist ${HOME}/.python-history |
11 | noblacklist ${HOME}/.python_history | 12 | noblacklist ${HOME}/.python_history |
@@ -42,7 +43,7 @@ tracelog | |||
42 | 43 | ||
43 | private-bin pluma | 44 | private-bin pluma |
44 | private-dev | 45 | private-dev |
45 | private-lib pluma | 46 | private-lib aspell,gconv,libgspell-1.so.*,libreadline.so.*,libtinfo.so.*,pluma |
46 | private-tmp | 47 | private-tmp |
47 | 48 | ||
48 | memory-deny-write-execute | 49 | memory-deny-write-execute |
diff --git a/etc/tor-browser.profile b/etc/tor-browser.profile new file mode 100644 index 000000000..0cd84abf5 --- /dev/null +++ b/etc/tor-browser.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile alias for torbrowser-launcher | ||
2 | # This file is overwritten after every install/update | ||
3 | |||
4 | noblacklist ${HOME}/.tor-browser | ||
5 | |||
6 | mkdir ${HOME}/.tor-browser | ||
7 | whitelist ${HOME}/.tor-browser | ||
8 | |||
9 | # Redirect | ||
10 | include torbrowser-launcher.profile | ||
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 75bcb04b4..00b82e852 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -48,7 +48,7 @@ shell none | |||
48 | #tracelog | 48 | #tracelog |
49 | 49 | ||
50 | disable-mnt | 50 | disable-mnt |
51 | private-bin bash,cat,cp,cut,dirname,env,expr,file,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,pwd,python*,readlink,realpath,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity | 51 | private-bin bash,cat,cp,cut,dirname,env,expr,file,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,pwd,python*,readlink,realpath,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity |
52 | private-dev | 52 | private-dev |
53 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl | 53 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl |
54 | private-tmp | 54 | private-tmp |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 4ee6eea4f..a6f259466 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -561,6 +561,7 @@ thunderbird | |||
561 | thunderbird-beta | 561 | thunderbird-beta |
562 | thunderbird-wayland | 562 | thunderbird-wayland |
563 | tilp | 563 | tilp |
564 | tor-browser | ||
564 | tor-browser-ar | 565 | tor-browser-ar |
565 | tor-browser-ca | 566 | tor-browser-ca |
566 | tor-browser-cs | 567 | tor-browser-cs |