-rw-r--r-- | etc/7z.profile | 1 | ||||
-rw-r--r-- | etc/atom.profile | 6 | ||||
-rw-r--r-- | etc/calligra.profile | 2 | ||||
-rw-r--r-- | etc/cinelerra.profile | 31 | ||||
-rw-r--r-- | etc/dia.profile | 3 | ||||
-rw-r--r-- | etc/evince.profile | 1 | ||||
-rw-r--r-- | etc/hugin.profile | 3 | ||||
-rw-r--r-- | etc/inox.profile | 4 | ||||
-rw-r--r-- | etc/libreoffice.profile | 1 | ||||
-rw-r--r-- | etc/openshot-qt.profile | 31 | ||||
-rw-r--r-- | etc/scribus.profile | 2 | ||||
-rw-r--r-- | etc/synfigstudio.profile | 3 | ||||
-rw-r--r-- | etc/tar.profile | 1 | ||||
-rw-r--r-- | etc/unrar.profile | 1 | ||||
-rw-r--r-- | etc/unzip.profile | 1 |
15 files changed, 16 insertions, 75 deletions
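diff --git a/etc/7z.profile b/etc/7z.profile
index 53900bae6..ea67bbe19 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -17,7 +17,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 
 private-dev
 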
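Review bot: The `caps.drop all` deleted after `tracelog` has no replacement visible in this hunk, which starts at `novideo`; if the earlier part of the profile does not already carry the line, the archiver keeps its default capability set while unpacking untrusted archives. In that case keep a single `caps.drop all` at the head of the option block instead of deleting it. The same deletion is made in etc/tar.profile, etc/unrar.profile and etc/unzip.profile, so all four files need this check.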
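diff --git a/etc/atom.profile b/etc/atom.profile
index 6fb6048b6..34fb3a9b1 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noexec ${HOME}
-noexec /tmp
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
 
@@ -25,8 +23,10 @@ notv
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
-net none
 shell none
 
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp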
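Review bot: Deleting `net none` in the second hunk leaves `protocol unix,inet,inet6,netlink` in force, so the editor and any packages it loads get unfiltered network access unless a `netfilter` line exists outside the hunk; none is visible here. If network access is intended, add `netfilter` to the option block so the default firewall rules apply. etc/libreoffice.profile and etc/evince.profile lose `net none` in the same way: for libreoffice the hunk header shows `protocol unix,inet,inet6`, and for evince, which opens untrusted documents, the deletion is only safe if another `net none` remains above line 28.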
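diff --git a/etc/calligra.profile b/etc/calligra.profile
index 8c7e49121..d2b76d22c 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 ipc-namespace
+net none
 nodvd
 nogroups
 nonewprivs
@@ -21,7 +22,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 
 private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
 private-dev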
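diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index bd75a66a9..e6a1941b5 100644
--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -1,31 +1,6 @@
-# Firejail profile for cin
+# Firejail profile alias for cin
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/cin.local
-# Persistent global definitions
-include /etc/firejail/globals.local
 
-noblacklist ${HOME}/.bcast
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-caps.drop all
-ipc-namespace
-net none
-nodvd
-nogroups
-nonewprivs
-notv
-noroot
-protocol unix
-seccomp
-shell none
-
-private-bin cinelerra
-private-dev
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/cin.profile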
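Review bot: After the redirect every restriction for `cinelerra` comes from cin.profile, which is not part of this diff, so the deleted `private-bin cinelerra`, `net none` and `noblacklist ${HOME}/.bcast` each need an equivalent there. In particular, a `private-bin` in cin.profile that lists only `cin` would leave the `cinelerra` binary out of the sandbox. etc/openshot-qt.profile depends on openshot.profile in the same way for `noblacklist ${HOME}/.openshot_qt` and `netfilter`. A comment under `# Redirect` stating what the target must provide, for example `# cin.profile must list cinelerra in private-bin`, would make that dependency checkable.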
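diff --git a/etc/dia.profile b/etc/dia.profile
index 6915318c0..800c3bbf1 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+net none
 no3d
 nodvd
 nogroups
@@ -25,7 +25,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 
 disable-mnt
 #private-bin dia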
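diff --git a/etc/evince.profile b/etc/evince.profile
index 5e7596352..f503b9a8e 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -28,7 +28,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-net none
 
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev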
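diff --git a/etc/hugin.profile b/etc/hugin.profile
index dd7e326c6..64b6e0c69 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+net none
 nodvd
 nogroups
 nonewprivs
@@ -24,7 +24,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 
 private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
 private-dev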
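diff --git a/etc/inox.profile b/etc/inox.profile
index ec8d12387..de4d6205b 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -21,10 +21,10 @@ whitelist ~/.config/inox
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+caps.keep sys_chroot,sys_admin
 netfilter
 nodvd
-notv
 nogroups
 noroot
+notv
 shell none
-caps.keep sys_chroot,sys_admin
\ No newline at end of file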
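Review bot: `caps.keep sys_chroot,sys_admin` moves to the top of the option block without a comment saying why `sys_admin` is retained, and that capability is broad enough to deserve one. Presumably both are needed for the browser's own sandbox; if that is the case, add `# sys_admin and sys_chroot are required by the browser's internal sandbox` above the line. The first 20 lines of the profile are outside the hunk.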
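diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 9acdc3789..8d05a557c 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -27,7 +27,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-net none
 
 private-dev
 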
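diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index 02f4665d6..cbd1f8fe8 100644
--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -1,31 +1,6 @@
-# Firejail profile for openshot
+# Firejail profile alias for openshot
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/openshot.local
-# Persistent global definitions
-include /etc/firejail/globals.local
 
-noblacklist ${HOME}/.openshot
-noblacklist ${HOME}/.openshot_qt
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-
-private-dev
-private-tmp
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/openshot.profile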
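diff --git a/etc/scribus.profile b/etc/scribus.profile
index a6e86a7d6..38f1e5b3c 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+net none
 nodvd
 nogroups
 nonewprivs
@@ -36,7 +37,6 @@ notv
 novideo
 protocol unix
 seccomp
-net none
 tracelog
 
 #private-bin scribus,gs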
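diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 1758659f2..2617c0e51 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -14,7 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+net none
 nodvd
 nogroups
 nonewprivs
@@ -25,7 +25,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 
 #private-bin synfigstudio,synfig,ffmpeg
 private-dev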
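diff --git a/etc/tar.profile b/etc/tar.profile
index 6ac530b15..f14894c25 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 
 # support compressed archives
 private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop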
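diff --git a/etc/unrar.profile b/etc/unrar.profile
index 881572521..12559a721 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 
 private-bin unrar
 private-dev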
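diff --git a/etc/unzip.profile b/etc/unzip.profile
index f913385fb..9828fa9b4 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 
 private-bin unzip
 private-dev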