-rw-r--r-- | etc/7z.profile | 5 | ||||
-rw-r--r-- | etc/atool.profile | 3 | ||||
-rw-r--r-- | etc/cpio.profile | 3 | ||||
-rw-r--r-- | etc/elinks.profile | 3 | ||||
-rw-r--r-- | etc/exiftool.profile | 3 | ||||
-rw-r--r-- | etc/git.profile | 4 | ||||
-rw-r--r-- | etc/gpg-agent.profile | 3 | ||||
-rw-r--r-- | etc/gpg.profile | 3 | ||||
-rw-r--r-- | etc/highlight.profile | 4 | ||||
-rw-r--r-- | etc/less.profile | 3 | ||||
-rw-r--r-- | etc/lynx.profile | 3 | ||||
-rw-r--r-- | etc/mediainfo.profile | 3 | ||||
-rw-r--r-- | etc/mutt.profile | 3 | ||||
-rw-r--r-- | etc/odt2txt.profile | 3 | ||||
-rw-r--r-- | etc/pdftotext.profile | 3 | ||||
-rw-r--r-- | etc/ssh-agent.profile | 3 | ||||
-rw-r--r-- | etc/strings.profile | 3 | ||||
-rw-r--r-- | etc/tracker.profile | 3 | ||||
-rw-r--r-- | etc/w3m.profile | 3 | ||||
-rw-r--r-- | etc/wget.profile | 2 | ||||
-rw-r--r-- | etc/xpra.profile | 2 |
21 files changed, 62 insertions, 3 deletions
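--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -1,9 +1,14 @@
 # 7zip crompression tool profile
 quiet
 ignore noroot
+
 include /etc/firejail/default.profile
+
+blacklist /tmp/.X11-unix
+
 tracelog
 net none
 shell none
 private-dev
 nosound
+no3d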
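--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin atool
 private-tmp
 private-dev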
diff --git a/etc/cpio.profile b/etc/cpio.profile index 519bd244c..cf89acdac 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -16,6 +16,7 @@ shell none | |||
16 | tracelog | 16 | tracelog |
17 | net none | 17 | net none |
18 | nosound | 18 | nosound |
19 | no3d | ||
19 | 20 | ||
20 | 21 | blacklist /tmp/.X11-unix | |
21 | 22 | ||
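--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -11,12 +11,15 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 netfilter
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin elinks
 private-tmp
 private-dev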
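Review bot: The added `blacklist /tmp/.X11-unix` hides only the filesystem socket; nothing visible in this hunk gives the sandbox its own network namespace (`protocol unix,inet,inet6` is kept and there is no `net none`), so an X server that also listens on an abstract socket may still be reachable from inside the sandbox. The same holds for the git, lynx, mutt, ssh-agent, w3m and wget sections, and apparently for gpg-agent and tracker, where no `net none` is visible either. For these network-using profiles a comment above the new line would record the limit, e.g. `# hides the filesystem X11 socket only; the abstract socket needs a network namespace or an X server started with -nolisten local`. The profile starts above the hunk, so a directive there may already cover this.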
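--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -17,9 +17,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin exiftool,perl
 private-tmp
 private-dev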
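--- a/etc/git.profile
+++ b/etc/git.profile
@@ -12,15 +12,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
 
+blacklist /tmp/.X11-unix
+
 private-dev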
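--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -14,9 +14,12 @@ nosound
 protocol unix
 seccomp
 netfilter
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin gpg-agent,gpg
 private-tmp
 private-dev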
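--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -15,9 +15,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin gpg,gpg-agent
 private-tmp
 private-dev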
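--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -13,10 +13,14 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 private-bin highlight
+# private-etc none
 private-tmp
 private-dev
 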
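Review bot: The added `# private-etc none` at new line 23 is a disabled directive with no explanation, so a later reader cannot tell whether it is a to-do, a known breakage or leftover testing. Either enable it or state why it stays off, for example `# private-etc none  (disabled: REASON-PLACEHOLDER)` with the real reason filled in. The profile starts above the hunk, so whether an existing comment already explains it cannot be seen from here.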
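--- a/etc/less.profile
+++ b/etc/less.profile
@@ -5,7 +5,10 @@ include /etc/firejail/default.profile
 
 net none
 nosound
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 private-dev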
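--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -9,12 +9,15 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 netfilter
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin lynx
 private-tmp
 private-dev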
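--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -9,6 +9,7 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix
 seccomp
 netfilter
@@ -16,6 +17,8 @@ net none
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 private-bin mediainfo
 private-tmp
 private-dev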
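--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -33,8 +33,11 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
 
+blacklist /tmp/.X11-unix
+
 private-dev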
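--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 private-bin odt2txt
 private-tmp
 private-dev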
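--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 private-bin pdftotext
 private-tmp
 private-dev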
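--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -12,5 +12,8 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
+no3d
 protocol unix,inet,inet6
 seccomp
+
+blacklist /tmp/.X11-unix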
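--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -7,5 +7,6 @@ net none
 nosound
 shell none
 tracelog
-
 private-dev
+no3d
+blacklist /tmp/.X11-unix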
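Review bot: `no3d` and `blacklist /tmp/.X11-unix` are appended directly after `private-dev` at the end of the file, whereas the other profiles in this commit place `no3d` with the `nosound`/`net none` group and give the blacklist line its own blank-line-separated paragraph. The hunk also removes the blank line between `tracelog` and `private-dev`, so the tail of the file becomes one undivided run. Moving `no3d` up beside `nosound` and keeping a blank line before `blacklist /tmp/.X11-unix` would keep the profiles uniform and easier to compare against each other.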
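--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -12,12 +12,15 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix
 seccomp
 netfilter
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin tracker
 # private-tmp
 # private-dev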
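--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -11,12 +11,15 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 netfilter
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin w3m
 private-tmp
 private-dev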
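--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -10,10 +10,12 @@ nonewprivs
 noroot
 nogroups
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
 
+blacklist /tmp/.X11-unix
 
 # private-bin wget
 # private-etc resolv.conf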
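--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -14,6 +14,8 @@ shell none
 seccomp
 protocol unix,inet,inet6
 
+# blacklist /tmp/.X11-unix
+
 # private-bin
 private-dev
 private-tmp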
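Review bot: The line added at new line 17 is `# blacklist /tmp/.X11-unix`, commented out with no reason given, so it reads as an oversight next to the other profiles in this commit that enable the same directive. Presumably xpra needs the X11 socket directory to function; if so, the profile should say that instead of carrying a disabled rule, e.g. `# /tmp/.X11-unix stays visible: xpra needs the X11 sockets` once that reason is confirmed. This section also adds no `no3d`, unlike the other twenty, and a short comment would make clear whether that is intentional.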