diff options
-rw-r--r-- | etc/gnome-mplayer.profile | 5 | ||||
-rw-r--r-- | etc/gpredict.profile | 3 | ||||
-rw-r--r-- | etc/gthumb.profile | 3 | ||||
-rw-r--r-- | etc/hedgewars.profile | 6 | ||||
-rw-r--r-- | etc/hexchat.profile | 6 | ||||
-rw-r--r-- | etc/jitsi.profile | 1 | ||||
-rw-r--r-- | etc/kmail.profile | 4 | ||||
-rw-r--r-- | etc/konversation.profile | 3 | ||||
-rw-r--r-- | etc/spotify.profile | 2 |
9 files changed, 27 insertions, 6 deletions
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 1caea177d..1b0fc9807 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -5,10 +5,13 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | nogroups | ||
8 | nonewprivs | 9 | nonewprivs |
9 | noroot | 10 | noroot |
10 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
11 | seccomp | 12 | seccomp |
12 | |||
13 | shell none | 13 | shell none |
14 | |||
14 | private-bin gnome-mplayer | 15 | private-bin gnome-mplayer |
16 | private-dev | ||
17 | private-tmp | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index a8378a66e..353ecceae 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -15,10 +15,11 @@ nonewprivs | |||
15 | nogroups | 15 | nogroups |
16 | noroot | 16 | noroot |
17 | nosound | 17 | nosound |
18 | protocol unix,inet,inet6,netlink | 18 | protocol unix,inet,inet6 |
19 | seccomp | 19 | seccomp |
20 | shell none | 20 | shell none |
21 | tracelog | 21 | tracelog |
22 | 22 | ||
23 | private-bin gpredict | 23 | private-bin gpredict |
24 | private-dev | 24 | private-dev |
25 | private-tmp | ||
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 3c02576aa..e043c7229 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | nonewprivs | ||
11 | nogroups | 10 | nogroups |
11 | nonewprivs | ||
12 | noroot | 12 | noroot |
13 | nosound | 13 | nosound |
14 | protocol unix | 14 | protocol unix |
@@ -19,3 +19,4 @@ tracelog | |||
19 | private-bin gthumb | 19 | private-bin gthumb |
20 | whitelist /tmp/.X11-unix | 20 | whitelist /tmp/.X11-unix |
21 | private-dev | 21 | private-dev |
22 | private-tmp | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index c5d863bd5..7910b7eb0 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -7,12 +7,16 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | ||
11 | nogroups | ||
10 | nonewprivs | 12 | nonewprivs |
11 | noroot | 13 | noroot |
12 | private-dev | ||
13 | seccomp | 14 | seccomp |
14 | tracelog | 15 | tracelog |
15 | 16 | ||
17 | private-dev | ||
18 | private-tmp | ||
19 | |||
16 | mkdir ~/.hedgewars | 20 | mkdir ~/.hedgewars |
17 | whitelist ~/.hedgewars | 21 | whitelist ~/.hedgewars |
18 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 0d7ee6594..0ff64aef5 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -7,9 +7,11 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | ||
11 | nogroups | ||
10 | nonewprivs | 12 | nonewprivs |
11 | noroot | 13 | noroot |
12 | netfilter | 14 | nosound |
13 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
14 | seccomp | 16 | seccomp |
15 | 17 | ||
@@ -18,3 +20,5 @@ whitelist ~/.config/hexchat | |||
18 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
19 | 21 | ||
20 | # private-bin requires perl, python, etc. | 22 | # private-bin requires perl, python, etc. |
23 | private-dev | ||
24 | private-tmp | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 8baf1ad94..c61158f8b 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -14,3 +14,4 @@ seccomp | |||
14 | shell none | 14 | shell none |
15 | tracelog | 15 | tracelog |
16 | 16 | ||
17 | private-tmp | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index 44a53e258..8c8fd18c4 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -9,7 +9,11 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | 11 | nonewprivs |
12 | nogroups | ||
12 | noroot | 13 | noroot |
13 | protocol unix,inet,inet6,netlink | 14 | protocol unix,inet,inet6,netlink |
14 | seccomp | 15 | seccomp |
15 | tracelog | 16 | tracelog |
17 | |||
18 | private-dev | ||
19 | private-tmp | ||
diff --git a/etc/konversation.profile b/etc/konversation.profile index 190061618..e9546fd1b 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -7,6 +7,9 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | netfilter | 9 | netfilter |
10 | nogroups | ||
10 | noroot | 11 | noroot |
11 | seccomp | 12 | seccomp |
12 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | |||
15 | private-tmp | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index 6bcb99e0f..73d427db3 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -27,5 +27,5 @@ protocol unix,inet,inet6,netlink | |||
27 | seccomp | 27 | seccomp |
28 | shell none | 28 | shell none |
29 | 29 | ||
30 | private-bin spotify | 30 | #private-bin spotify |
31 | private-dev | 31 | private-dev |