diff options
-rw-r--r-- | etc/audacious.profile | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 18 | ||||
-rw-r--r-- | etc/dolphin.profile | 3 | ||||
-rw-r--r-- | etc/firefox.profile | 2 | ||||
-rw-r--r-- | etc/nautilus.profile | 1 | ||||
-rw-r--r-- | etc/okular.profile | 6 | ||||
-rw-r--r-- | etc/scribus.profile | 3 |
8 files changed, 32 insertions, 3 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile index d12032166..ea5eb7cb7 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -20,5 +20,4 @@ shell none | |||
20 | tracelog | 20 | tracelog |
21 | 21 | ||
22 | private-bin audacious | 22 | private-bin audacious |
23 | private-dev | ||
24 | private-tmp | 23 | private-tmp |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 27a2d8ab7..45541906a 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -62,6 +62,7 @@ blacklist ${HOME}/.config/khotkeysrc | |||
62 | blacklist ${HOME}/.config/krunnerrc | 62 | blacklist ${HOME}/.config/krunnerrc |
63 | blacklist ${HOME}/.local/share/kglobalaccel | 63 | blacklist ${HOME}/.local/share/kglobalaccel |
64 | blacklist ${HOME}/.local/share/konsole | 64 | blacklist ${HOME}/.local/share/konsole |
65 | blacklist ${HOME}/.local/share/kservices5 | ||
65 | blacklist ${HOME}/.local/share/solid | 66 | blacklist ${HOME}/.local/share/solid |
66 | 67 | ||
67 | # VirtualBox | 68 | # VirtualBox |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c31b92d1f..da80376d1 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -151,6 +151,21 @@ blacklist ${HOME}/.hedgewars | |||
151 | blacklist ${HOME}/.icedove | 151 | blacklist ${HOME}/.icedove |
152 | blacklist ${HOME}/.inkscape | 152 | blacklist ${HOME}/.inkscape |
153 | blacklist ${HOME}/.jitsi | 153 | blacklist ${HOME}/.jitsi |
154 | blacklist ${HOME}/.kde4/share/apps/gwenview | ||
155 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | ||
156 | blacklist ${HOME}/.kde4/share/apps/khtml | ||
157 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | ||
158 | blacklist ${HOME}/.kde4/share/apps/konqueror | ||
159 | blacklist ${HOME}/.kde4/share/apps/okular | ||
160 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | ||
161 | blacklist ${HOME}/.kde4/share/config/k3brc | ||
162 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | ||
163 | blacklist ${HOME}/.kde4/share/config/khtmlrc | ||
164 | blacklist ${HOME}/.kde4/share/config/konq_history | ||
165 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | ||
166 | blacklist ${HOME}/.kde4/share/config/konquerorrc | ||
167 | blacklist ${HOME}/.kde4/share/config/okularpartrc | ||
168 | blacklist ${HOME}/.kde4/share/config/okularrc | ||
154 | blacklist ${HOME}/.kde/share/apps/gwenview | 169 | blacklist ${HOME}/.kde/share/apps/gwenview |
155 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 170 | blacklist ${HOME}/.kde/share/apps/kcookiejar |
156 | blacklist ${HOME}/.kde/share/apps/khtml | 171 | blacklist ${HOME}/.kde/share/apps/khtml |
@@ -158,6 +173,7 @@ blacklist ${HOME}/.kde/share/apps/konqsidebartng | |||
158 | blacklist ${HOME}/.kde/share/apps/konqueror | 173 | blacklist ${HOME}/.kde/share/apps/konqueror |
159 | blacklist ${HOME}/.kde/share/apps/okular | 174 | blacklist ${HOME}/.kde/share/apps/okular |
160 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 175 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
176 | blacklist ${HOME}/.kde/share/config/k3brc | ||
161 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 177 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
162 | blacklist ${HOME}/.kde/share/config/khtmlrc | 178 | blacklist ${HOME}/.kde/share/config/khtmlrc |
163 | blacklist ${HOME}/.kde/share/config/konq_history | 179 | blacklist ${HOME}/.kde/share/config/konq_history |
@@ -200,6 +216,8 @@ blacklist ${HOME}/.local/share/kate | |||
200 | blacklist ${HOME}/.local/share/lollypop | 216 | blacklist ${HOME}/.local/share/lollypop |
201 | blacklist ${HOME}/.local/share/multimc5 | 217 | blacklist ${HOME}/.local/share/multimc5 |
202 | blacklist ${HOME}/.local/share/mupen64plus | 218 | blacklist ${HOME}/.local/share/mupen64plus |
219 | blacklist ${HOME}/.local/share/nautilus | ||
220 | blacklist ${HOME}/.local/share/nemo | ||
203 | blacklist ${HOME}/.local/share/pix | 221 | blacklist ${HOME}/.local/share/pix |
204 | blacklist ${HOME}/.local/share/psi+ | 222 | blacklist ${HOME}/.local/share/psi+ |
205 | blacklist ${HOME}/.local/share/qpdfview | 223 | blacklist ${HOME}/.local/share/qpdfview |
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 2b7919083..3c9056f62 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -8,6 +8,8 @@ include /etc/firejail/dolphin.local | |||
8 | 8 | ||
9 | noblacklist ~/.config/dolphinrc | 9 | noblacklist ~/.config/dolphinrc |
10 | noblacklist ~/.local/share/dolphin | 10 | noblacklist ~/.local/share/dolphin |
11 | noblacklist ~/.kde4/share/kde4/services | ||
12 | noblacklist ~/.kde/share/kde4/services | ||
11 | 13 | ||
12 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
13 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files | 15 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files |
@@ -28,4 +30,3 @@ protocol unix | |||
28 | # private-dev | 30 | # private-dev |
29 | # private-tmp | 31 | # private-tmp |
30 | # private-etc | 32 | # private-etc |
31 | |||
diff --git a/etc/firefox.profile b/etc/firefox.profile index 3b55d4700..5f852d4c0 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -7,6 +7,7 @@ noblacklist ~/.mozilla | |||
7 | noblacklist ~/.cache/mozilla | 7 | noblacklist ~/.cache/mozilla |
8 | noblacklist ~/.config/qpdfview | 8 | noblacklist ~/.config/qpdfview |
9 | noblacklist ~/.local/share/qpdfview | 9 | noblacklist ~/.local/share/qpdfview |
10 | noblacklist ~/.kde4/share/apps/okular | ||
10 | noblacklist ~/.kde/share/apps/okular | 11 | noblacklist ~/.kde/share/apps/okular |
11 | noblacklist ~/.pki | 12 | noblacklist ~/.pki |
12 | noblacklist ~/.lastpass | 13 | noblacklist ~/.lastpass |
@@ -41,6 +42,7 @@ whitelist ~/.pki | |||
41 | whitelist ~/.lastpass | 42 | whitelist ~/.lastpass |
42 | whitelist ~/.config/qpdfview | 43 | whitelist ~/.config/qpdfview |
43 | whitelist ~/.local/share/qpdfview | 44 | whitelist ~/.local/share/qpdfview |
45 | whitelist ~/.kde4/share/apps/okular | ||
44 | whitelist ~/.kde/share/apps/okular | 46 | whitelist ~/.kde/share/apps/okular |
45 | 47 | ||
46 | # silverlight | 48 | # silverlight |
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index c7e9fb9bc..8b86efbd2 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -8,6 +8,7 @@ include /etc/firejail/nautilus.local | |||
8 | # is already a nautilus process running on gnome desktops firejail will have no effect. | 8 | # is already a nautilus process running on gnome desktops firejail will have no effect. |
9 | 9 | ||
10 | noblacklist ~/.config/nautilus | 10 | noblacklist ~/.config/nautilus |
11 | noblacklist ~/.local/share/nautilus | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files | 14 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files |
diff --git a/etc/okular.profile b/etc/okular.profile index 2875d2ef5..07819068e 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -3,6 +3,10 @@ | |||
3 | include /etc/firejail/okular.local | 3 | include /etc/firejail/okular.local |
4 | 4 | ||
5 | # KDE okular profile | 5 | # KDE okular profile |
6 | noblacklist ~/.kde4/share/apps/okular | ||
7 | noblacklist ~/.kde4/share/config/okularrc | ||
8 | noblacklist ~/.kde4/share/config/okularpartrc | ||
9 | read-only ~/.kde4/share/config/kdeglobals | ||
6 | noblacklist ~/.kde/share/apps/okular | 10 | noblacklist ~/.kde/share/apps/okular |
7 | noblacklist ~/.kde/share/config/okularrc | 11 | noblacklist ~/.kde/share/config/okularrc |
8 | noblacklist ~/.kde/share/config/okularpartrc | 12 | noblacklist ~/.kde/share/config/okularpartrc |
@@ -24,6 +28,6 @@ shell none | |||
24 | tracelog | 28 | tracelog |
25 | 29 | ||
26 | # private-bin okular,kbuildsycoca4,kbuildsycoca5 | 30 | # private-bin okular,kbuildsycoca4,kbuildsycoca5 |
27 | # private-etc X11 | 31 | # private-etc fonts,X11 |
28 | private-dev | 32 | private-dev |
29 | private-tmp | 33 | private-tmp |
diff --git a/etc/scribus.profile b/etc/scribus.profile index 5d0dc5af9..d3a0dbf48 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -10,6 +10,9 @@ noblacklist ~/.local/share/scribus | |||
10 | noblacklist ~/.gimp* | 10 | noblacklist ~/.gimp* |
11 | 11 | ||
12 | # Support for PDF readers (Scribus 1.5 and higher) | 12 | # Support for PDF readers (Scribus 1.5 and higher) |
13 | noblacklist ~/.kde4/share/apps/okular | ||
14 | noblacklist ~/.kde4/share/config/okularrc | ||
15 | noblacklist ~/.kde4/share/config/okularpartrc | ||
13 | noblacklist ~/.kde/share/apps/okular | 16 | noblacklist ~/.kde/share/apps/okular |
14 | noblacklist ~/.kde/share/config/okularrc | 17 | noblacklist ~/.kde/share/config/okularrc |
15 | noblacklist ~/.kde/share/config/okularpartrc | 18 | noblacklist ~/.kde/share/config/okularpartrc |