-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/ideaIC.profile | 10 | ||||
-rw-r--r-- | etc/onionshare-gui.profile | 35 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 24 |
5 files changed, 71 insertions, 1 deletions
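--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage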
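--- /dev/null
+++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
+# Firejail profile for ideaIC
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ideaIC.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+# Redirect
+include /etc/firejail/idea.sh.profile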
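--- /dev/null
+++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
+# Firejail profile for onionshare-gui
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/onionshare-gui.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/onionshare
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp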
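Review bot: `netfilter` on line 17 of the new profile only takes effect when the sandbox gets its own network namespace, and nothing in this profile sets `net`, so as written it installs no firewall. Either drop it or document it with a comment such as `# netfilter is only active when the sandbox is started with --net=<interface>`. The profile also has no `whitelist`, `private-bin` or `private-etc` lines, so everything under the home directory that the disable-*.inc files do not blacklist stays readable to a tool whose job is to publish files over Tor. If that is deliberate because users may share arbitrary paths, record it in the profile, e.g. `# no home whitelist: onionshare must read whatever file the user selects`.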
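--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
-private-etc fonts
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
 private-tmp
 
 noexec /tmp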
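Review bot: The widened `private-etc` list on line 36 now exposes `hostname` and `hosts` inside the sandbox, which gives the machine's name and any locally configured host mappings to a browser whose purpose is anonymity. `resolv.conf`, `pki`, `ssl` and `ca-certificates` are plausibly needed for the launcher's HTTPS download and update check, but the two host files look optional. If testing confirms that, prefer `private-etc fonts,resolv.conf,pki,ssl,ca-certificates`; otherwise add a comment above the line naming the component that needs them. The profile begins and continues outside this hunk, so other options there may already bear on this.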
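--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -21,6 +21,7 @@ amule
 android-studio
 apktool
 arch-audit
+archaudit-report
 ardour4
 ardour5
 arduino
@@ -42,6 +43,7 @@ bleachbit
 blender
 bless
 bluefish
+bnox
 brackets
 brasero
 brave
@@ -94,6 +96,7 @@ dropbox
 ebook-viewer
 elinks
 empathy
+enpass
 eog
 eom
 epiphany
@@ -170,6 +173,7 @@ icecat
 icedove
 iceweasel
 idea.sh
+ideaIC
 imagej
 img2txt
 inkscape
@@ -250,6 +254,7 @@ nylas
 obs
 odt2txt
 okular
+onionshare-gui
 open-invaders
 openshot
 openshot-qt
@@ -270,6 +275,7 @@ pinta
 pithos
 pitivi
 pix
+playonlinux
 pluma
 polari
 psi-plus
@@ -306,6 +312,7 @@ skype
 skypeforlinux
 slack
 smplayer
+smtube
 soffice
 soundconverter
 spotify
@@ -317,13 +324,30 @@ steam
 stellarium
 strings
 supertux2
+surf
+sylpheed
 synfigstudio
 teamspeak3
 telegram
 telegram-desktop
 terasology
 thunderbird
+tor-browser-ar
 tor-browser-en
+tor-browser-en-us
+tor-browser-es-es
+tor-browser-es
+tor-browser-fa
+tor-browser-fr
+tor-browser-it
+tor-browser-ja
+tor-browser-ko
+torbrowser-launcher
+tor-browser-pl
+tor-browser-pt-br
+tor-browser-ru
+tor-browser-vi
+tor-browser-zh-cn
 totem
 tracker
 transmission-cli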
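Review bot: Of the 24 names added to firecfg.config, only `ideaIC` and `onionshare-gui` receive a profile in this commit, so confirm that a matching `etc/NAME.profile` already ships for the rest (`archaudit-report`, `bnox`, `enpass`, `playonlinux`, `smtube`, `surf`, `sylpheed`, `torbrowser-launcher` and the `tor-browser-*` locale names). As far as I know, a program that is symlinked by firecfg but has no profile of its own is started under the generic default profile, which may confine it less, or break it more, than a dedicated profile would. Note also that `private-bin` in torbrowser-launcher.profile names only `tor-browser-en`; if the new locale variants are meant to run under that profile, they would need to be listed there as well.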