40 files changed, 60 insertions, 85 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 11fb45463..217cdeee0 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -8,16 +8,12 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
9 | 9 | ||
10 | # Whitelists | 10 | # Whitelists |
11 | mkdir ~/.cache | ||
12 | mkdir ~/.cache/0ad | 11 | mkdir ~/.cache/0ad |
13 | whitelist ~/.cache/0ad | 12 | whitelist ~/.cache/0ad |
14 | 13 | ||
15 | mkdir ~/.config | ||
16 | mkdir ~/.config/0ad | 14 | mkdir ~/.config/0ad |
17 | whitelist ~/.config/0ad | 15 | whitelist ~/.config/0ad |
18 | 16 | ||
19 | mkdir ~/.local | ||
20 | mkdir ~/.local/share | ||
21 | mkdir ~/.local/share/0ad | 17 | mkdir ~/.local/share/0ad |
22 | whitelist ~/.local/share/0ad | 18 | whitelist ~/.local/share/0ad |
23 | 19 | ||
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 65247e7d3..4aa18aa90 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -17,8 +17,6 @@ tracelog | |||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.mozilla | 18 | mkdir ~/.mozilla |
19 | whitelist ~/.mozilla | 19 | whitelist ~/.mozilla |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/mozilla | ||
22 | mkdir ~/.cache/mozilla/abrowser | 20 | mkdir ~/.cache/mozilla/abrowser |
23 | whitelist ~/.cache/mozilla/abrowser | 21 | whitelist ~/.cache/mozilla/abrowser |
24 | whitelist ~/dwhelper | 22 | whitelist ~/dwhelper |
diff --git a/etc/aweather.profile b/etc/aweather.profile index d617fb701..da93e8ba3 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | 7 | ||
8 | # Whitelist | 8 | # Whitelist |
9 | mkdir ~/.config | ||
10 | mkdir ~/.config/aweather | 9 | mkdir ~/.config/aweather |
11 | whitelist ~/.config/aweather | 10 | whitelist ~/.config/aweather |
12 | 11 | ||
diff --git a/etc/brave.profile b/etc/brave.profile index 4c42e9faa..4fc3a5bb0 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -14,6 +14,5 @@ seccomp | |||
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | 16 | ||
17 | mkdir ~/.config | ||
18 | mkdir ~/.config/brave | 17 | mkdir ~/.config/brave |
19 | whitelist ~/.config/brave | 18 | whitelist ~/.config/brave |
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 7b6238d98..76ee70679 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -7,10 +7,8 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | whitelist ${HOME}/cherrytree | 9 | whitelist ${HOME}/cherrytree |
10 | mkdir ~/.config | ||
11 | mkdir ~/.config/cherrytree | 10 | mkdir ~/.config/cherrytree |
12 | whitelist ${HOME}/.config/cherrytree/ | 11 | whitelist ${HOME}/.config/cherrytree/ |
13 | mkdir ~/.local | ||
14 | mkdir ~/.local/share | 12 | mkdir ~/.local/share |
15 | whitelist ${HOME}/.local/share/ | 13 | whitelist ${HOME}/.local/share/ |
16 | 14 | ||
diff --git a/etc/chromium.profile b/etc/chromium.profile index 7cf2853ca..0d383aebf 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc | |||
11 | netfilter | 11 | netfilter |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
14 | mkdir ~/.config | ||
15 | mkdir ~/.config/chromium | 14 | mkdir ~/.config/chromium |
16 | whitelist ~/.config/chromium | 15 | whitelist ~/.config/chromium |
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/chromium | 16 | mkdir ~/.cache/chromium |
19 | whitelist ~/.cache/chromium | 17 | whitelist ~/.cache/chromium |
20 | mkdir ~/.pki | 18 | mkdir ~/.pki |
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index afa77d1d4..ae487fa3c 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -17,7 +17,6 @@ tracelog | |||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.8pecxstudios | 18 | mkdir ~/.8pecxstudios |
19 | whitelist ~/.8pecxstudios | 19 | whitelist ~/.8pecxstudios |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/8pecxstudios | 20 | mkdir ~/.cache/8pecxstudios |
22 | whitelist ~/.cache/8pecxstudios | 21 | whitelist ~/.cache/8pecxstudios |
23 | whitelist ~/dwhelper | 22 | whitelist ~/dwhelper |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 71e019f8c..40efd62b2 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -17,6 +17,5 @@ whitelist ~/.dropbox | |||
17 | mkdir ~/.dropbox-dist | 17 | mkdir ~/.dropbox-dist |
18 | whitelist ~/.dropbox-dist | 18 | whitelist ~/.dropbox-dist |
19 | 19 | ||
20 | mkdir ~/.config/autostart | ||
21 | mkfile ~/.config/autostart/dropbox.desktop | 20 | mkfile ~/.config/autostart/dropbox.desktop |
22 | whitelist ~/.config/autostart/dropbox.desktop | 21 | whitelist ~/.config/autostart/dropbox.desktop |
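Review bot: Dropping `mkdir ~/.config/autostart` leaves `mkfile ~/.config/autostart/dropbox.desktop` with nothing that creates its parent directory, and the man page text updated in this same commit says mkfile needs its target directory to exist. On a home without ~/.config/autostart the mkfile would presumably fail, and the following whitelist line would then have nothing to preserve; fs_mkfile's body is not visible here, so this is inferred from the man page wording. I would keep the line as `mkdir ~/.config/autostart`, which the recursive mkdir now handles in one step, ahead of the mkfile; the mkdir.profile test added in this commit orders the two commands the same way.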
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 57191429a..0e898f02b 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -8,14 +8,10 @@ include /etc/firejail/disable-programs.inc | |||
8 | include /etc/firejail/disable-devel.inc | 8 | include /etc/firejail/disable-devel.inc |
9 | 9 | ||
10 | whitelist ${DOWNLOADS} | 10 | whitelist ${DOWNLOADS} |
11 | mkdir ${HOME}/.local | ||
12 | mkdir ${HOME}/.local/share | ||
13 | mkdir ${HOME}/.local/share/epiphany | 11 | mkdir ${HOME}/.local/share/epiphany |
14 | whitelist ${HOME}/.local/share/epiphany | 12 | whitelist ${HOME}/.local/share/epiphany |
15 | mkdir ${HOME}/.config | ||
16 | mkdir ${HOME}/.config/epiphany | 13 | mkdir ${HOME}/.config/epiphany |
17 | whitelist ${HOME}/.config/epiphany | 14 | whitelist ${HOME}/.config/epiphany |
18 | mkdir ${HOME}/.cache | ||
19 | mkdir ${HOME}/.cache/epiphany | 15 | mkdir ${HOME}/.cache/epiphany |
20 | whitelist ${HOME}/.cache/epiphany | 16 | whitelist ${HOME}/.cache/epiphany |
21 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 2cc4d3cd8..170d0fe10 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -17,8 +17,6 @@ tracelog | |||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.mozilla | 18 | mkdir ~/.mozilla |
19 | whitelist ~/.mozilla | 19 | whitelist ~/.mozilla |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/mozilla | ||
22 | mkdir ~/.cache/mozilla/firefox | 20 | mkdir ~/.cache/mozilla/firefox |
23 | whitelist ~/.cache/mozilla/firefox | 21 | whitelist ~/.cache/mozilla/firefox |
24 | whitelist ~/dwhelper | 22 | whitelist ~/dwhelper |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index f248c385a..7e0eb486b 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -22,10 +22,8 @@ protocol unix,inet,inet6,netlink | |||
22 | seccomp | 22 | seccomp |
23 | 23 | ||
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | mkdir ~/.config | ||
26 | mkdir ~/.config/slimjet | 25 | mkdir ~/.config/slimjet |
27 | whitelist ~/.config/slimjet | 26 | whitelist ~/.config/slimjet |
28 | mkdir ~/.cache | ||
29 | mkdir ~/.cache/slimjet | 27 | mkdir ~/.cache/slimjet |
30 | whitelist ~/.cache/slimjet | 28 | whitelist ~/.cache/slimjet |
31 | mkdir ~/.pki | 29 | mkdir ~/.pki |
diff --git a/etc/franz.profile b/etc/franz.profile index fc4a665de..3cb7942ab 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -14,10 +14,8 @@ nonewprivs | |||
14 | noroot | 14 | noroot |
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | mkdir ~/.config | ||
18 | mkdir ~/.config/Franz | 17 | mkdir ~/.config/Franz |
19 | whitelist ~/.config/Franz | 18 | whitelist ~/.config/Franz |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/Franz | 19 | mkdir ~/.cache/Franz |
22 | whitelist ~/.cache/Franz | 20 | whitelist ~/.cache/Franz |
23 | mkdir ~/.pki | 21 | mkdir ~/.pki |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 11f9f9e33..fe870274f 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc | |||
11 | netfilter | 11 | netfilter |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
14 | mkdir ~/.config | ||
15 | mkdir ~/.config/google-chrome-beta | 14 | mkdir ~/.config/google-chrome-beta |
16 | whitelist ~/.config/google-chrome-beta | 15 | whitelist ~/.config/google-chrome-beta |
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/google-chrome-beta | 16 | mkdir ~/.cache/google-chrome-beta |
19 | whitelist ~/.cache/google-chrome-beta | 17 | whitelist ~/.cache/google-chrome-beta |
20 | mkdir ~/.pki | 18 | mkdir ~/.pki |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index f253e5a90..f6680ac2d 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc | |||
11 | netfilter | 11 | netfilter |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
14 | mkdir ~/.config | ||
15 | mkdir ~/.config/google-chrome-unstable | 14 | mkdir ~/.config/google-chrome-unstable |
16 | whitelist ~/.config/google-chrome-unstable | 15 | whitelist ~/.config/google-chrome-unstable |
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/google-chrome-unstable | 16 | mkdir ~/.cache/google-chrome-unstable |
19 | whitelist ~/.cache/google-chrome-unstable | 17 | whitelist ~/.cache/google-chrome-unstable |
20 | mkdir ~/.pki | 18 | mkdir ~/.pki |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 5e168aae5..a9fcebe73 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc | |||
11 | netfilter | 11 | netfilter |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
14 | mkdir ~/.config | ||
15 | mkdir ~/.config/google-chrome | 14 | mkdir ~/.config/google-chrome |
16 | whitelist ~/.config/google-chrome | 15 | whitelist ~/.config/google-chrome |
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/google-chrome | 16 | mkdir ~/.cache/google-chrome |
19 | whitelist ~/.cache/google-chrome | 17 | whitelist ~/.cache/google-chrome |
20 | mkdir ~/.pki | 18 | mkdir ~/.pki |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 02bb4d24d..a8378a66e 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | 7 | ||
8 | # Whitelist | 8 | # Whitelist |
9 | mkdir ~/.config | ||
10 | mkdir ~/.config/Gpredict | 9 | mkdir ~/.config/Gpredict |
11 | whitelist ~/.config/Gpredict | 10 | whitelist ~/.config/Gpredict |
12 | 11 | ||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 4e829c379..0d7ee6594 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -13,7 +13,6 @@ netfilter | |||
13 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | seccomp | 14 | seccomp |
15 | 15 | ||
16 | mkdir ~/.config | ||
17 | mkdir ~/.config/hexchat | 16 | mkdir ~/.config/hexchat |
18 | whitelist ~/.config/hexchat | 17 | whitelist ~/.config/hexchat |
19 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/icedove.profile b/etc/icedove.profile index e9a63c8dd..23254751b 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
@@ -11,7 +11,6 @@ mkdir ~/.icedove | |||
11 | whitelist ~/.icedove | 11 | whitelist ~/.icedove |
12 | 12 | ||
13 | noblacklist ~/.cache/icedove | 13 | noblacklist ~/.cache/icedove |
14 | mkdir ~/.cache | ||
15 | mkdir ~/.cache/icedove | 14 | mkdir ~/.cache/icedove |
16 | whitelist ~/.cache/icedove | 15 | whitelist ~/.cache/icedove |
17 | 16 | ||
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index d4b442df8..acb13e6b9 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -8,11 +8,8 @@ include /etc/firejail/disable-programs.inc | |||
8 | include /etc/firejail/disable-devel.inc | 8 | include /etc/firejail/disable-devel.inc |
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | mkdir ${HOME}/.local | ||
12 | mkdir ${HOME}/.local/share | ||
13 | mkdir ${HOME}/.local/share/mupen64plus | 11 | mkdir ${HOME}/.local/share/mupen64plus |
14 | whitelist ${HOME}/.local/share/mupen64plus/ | 12 | whitelist ${HOME}/.local/share/mupen64plus/ |
15 | mkdir ${HOME}/.config | ||
16 | mkdir ${HOME}/.config/mupen64plus | 13 | mkdir ${HOME}/.config/mupen64plus |
17 | whitelist ${HOME}/.config/mupen64plus/ | 14 | whitelist ${HOME}/.config/mupen64plus/ |
18 | 15 | ||
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 3de6be238..1ed2163c2 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -15,10 +15,8 @@ seccomp | |||
15 | tracelog | 15 | tracelog |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.config | ||
19 | mkdir ~/.config/netsurf | 18 | mkdir ~/.config/netsurf |
20 | whitelist ~/.config/netsurf | 19 | whitelist ~/.config/netsurf |
21 | mkdir ~/.cache | ||
22 | mkdir ~/.cache/netsurf | 20 | mkdir ~/.cache/netsurf |
23 | whitelist ~/.cache/netsurf | 21 | whitelist ~/.cache/netsurf |
24 | 22 | ||
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 3d6edb286..12c91c744 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
@@ -8,10 +8,8 @@ include /etc/firejail/disable-devel.inc | |||
8 | netfilter | 8 | netfilter |
9 | 9 | ||
10 | whitelist ${DOWNLOADS} | 10 | whitelist ${DOWNLOADS} |
11 | mkdir ~/.config | ||
12 | mkdir ~/.config/opera-beta | 11 | mkdir ~/.config/opera-beta |
13 | whitelist ~/.config/opera-beta | 12 | whitelist ~/.config/opera-beta |
14 | mkdir ~/.cache | ||
15 | mkdir ~/.cache/opera-beta | 13 | mkdir ~/.cache/opera-beta |
16 | whitelist ~/.cache/opera-beta | 14 | whitelist ~/.cache/opera-beta |
17 | mkdir ~/.pki | 15 | mkdir ~/.pki |
diff --git a/etc/opera.profile b/etc/opera.profile index ff00eb349..e0c89a195 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -9,10 +9,8 @@ include /etc/firejail/disable-devel.inc | |||
9 | netfilter | 9 | netfilter |
10 | 10 | ||
11 | whitelist ${DOWNLOADS} | 11 | whitelist ${DOWNLOADS} |
12 | mkdir ~/.config | ||
13 | mkdir ~/.config/opera | 12 | mkdir ~/.config/opera |
14 | whitelist ~/.config/opera | 13 | whitelist ~/.config/opera |
15 | mkdir ~/.cache | ||
16 | mkdir ~/.cache/opera | 14 | mkdir ~/.cache/opera |
17 | whitelist ~/.cache/opera | 15 | whitelist ~/.cache/opera |
18 | mkdir ~/.opera | 16 | mkdir ~/.opera |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 302c20d7d..acedaebb7 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -9,8 +9,6 @@ include /etc/firejail/whitelist-common.inc | |||
9 | whitelist ${DOWNLOADS} | 9 | whitelist ${DOWNLOADS} |
10 | mkdir ~/.moonchild productions | 10 | mkdir ~/.moonchild productions |
11 | whitelist ~/.moonchild productions | 11 | whitelist ~/.moonchild productions |
12 | mkdir ~/.cache | ||
13 | mkdir ~/.cache/moonchild productions | ||
14 | mkdir ~/.cache/moonchild productions/pale moon | 12 | mkdir ~/.cache/moonchild productions/pale moon |
15 | whitelist ~/.cache/moonchild productions/pale moon | 13 | whitelist ~/.cache/moonchild productions/pale moon |
16 | 14 | ||
diff --git a/etc/polari.profile b/etc/polari.profile index 366883c83..ac9530c40 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -3,18 +3,14 @@ include /etc/firejail/disable-common.inc | |||
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | 5 | ||
6 | mkdir ${HOME}/.local | ||
7 | mkdir ${HOME}/.local/share/ | ||
8 | mkdir ${HOME}/.local/share/Empathy | 6 | mkdir ${HOME}/.local/share/Empathy |
9 | whitelist ${HOME}/.local/share/Empathy | 7 | whitelist ${HOME}/.local/share/Empathy |
10 | mkdir ${HOME}/.local/share/telepathy | 8 | mkdir ${HOME}/.local/share/telepathy |
11 | whitelist ${HOME}/.local/share/telepathy | 9 | whitelist ${HOME}/.local/share/telepathy |
12 | mkdir ${HOME}/.local/share/TpLogger | 10 | mkdir ${HOME}/.local/share/TpLogger |
13 | whitelist ${HOME}/.local/share/TpLogger | 11 | whitelist ${HOME}/.local/share/TpLogger |
14 | mkdir ${HOME}/.config | ||
15 | mkdir ${HOME}/.config/telepathy-account-widgets | 12 | mkdir ${HOME}/.config/telepathy-account-widgets |
16 | whitelist ${HOME}/.config/telepathy-account-widgets | 13 | whitelist ${HOME}/.config/telepathy-account-widgets |
17 | mkdir ${HOME}/.cache | ||
18 | mkdir ${HOME}/.cache/telepathy | 14 | mkdir ${HOME}/.cache/telepathy |
19 | whitelist ${HOME}/.cache/telepathy | 15 | whitelist ${HOME}/.cache/telepathy |
20 | mkdir ${HOME}/.purple | 16 | mkdir ${HOME}/.purple |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 9380237be..22c5bafc5 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -7,14 +7,10 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | whitelist ${DOWNLOADS} | 9 | whitelist ${DOWNLOADS} |
10 | mkdir ~/.config | ||
11 | mkdir ~/.config/psi+ | 10 | mkdir ~/.config/psi+ |
12 | whitelist ~/.config/psi+ | 11 | whitelist ~/.config/psi+ |
13 | mkdir ~/.local | ||
14 | mkdir ~/.local/share | ||
15 | mkdir ~/.local/share/psi+ | 12 | mkdir ~/.local/share/psi+ |
16 | whitelist ~/.local/share/psi+ | 13 | whitelist ~/.local/share/psi+ |
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/psi+ | 14 | mkdir ~/.cache/psi+ |
19 | whitelist ~/.cache/psi+ | 15 | whitelist ~/.cache/psi+ |
20 | 16 | ||
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f2b9959f6..2ab5d8a8e 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -4,14 +4,11 @@ include /etc/firejail/disable-passwdmgr.inc | |||
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | 5 | ||
6 | whitelist ${HOME}/quiterssfeeds.opml | 6 | whitelist ${HOME}/quiterssfeeds.opml |
7 | mkdir ~/.config | ||
8 | mkdir ~/.config/QuiteRss | 7 | mkdir ~/.config/QuiteRss |
9 | whitelist ${HOME}/.config/QuiteRss/ | 8 | whitelist ${HOME}/.config/QuiteRss/ |
10 | whitelist ${HOME}/.config/QuiteRssrc | 9 | whitelist ${HOME}/.config/QuiteRssrc |
11 | mkdir ~/.local | ||
12 | mkdir ~/.local/share | 10 | mkdir ~/.local/share |
13 | whitelist ${HOME}/.local/share/ | 11 | whitelist ${HOME}/.local/share/ |
14 | mkdir ~/.cache | ||
15 | mkdir ~/.cache/QuiteRss | 12 | mkdir ~/.cache/QuiteRss |
16 | whitelist ${HOME}/.cache/QuiteRss | 13 | whitelist ${HOME}/.cache/QuiteRss |
17 | 14 | ||
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index b590f0ef1..0efb7b629 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -17,7 +17,6 @@ tracelog | |||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.config/qutebrowser | 18 | mkdir ~/.config/qutebrowser |
19 | whitelist ~/.config/qutebrowser | 19 | whitelist ~/.config/qutebrowser |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/qutebrowser | 20 | mkdir ~/.cache/qutebrowser |
22 | whitelist ~/.cache/qutebrowser | 21 | whitelist ~/.cache/qutebrowser |
23 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 9ce4164c1..b981d9516 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -14,11 +14,8 @@ seccomp | |||
14 | tracelog | 14 | tracelog |
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | mkdir ~/.mozilla | ||
18 | mkdir ~/.mozilla/seamonkey | 17 | mkdir ~/.mozilla/seamonkey |
19 | whitelist ~/.mozilla/seamonkey | 18 | whitelist ~/.mozilla/seamonkey |
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/mozilla | ||
22 | mkdir ~/.cache/mozilla/seamonkey | 19 | mkdir ~/.cache/mozilla/seamonkey |
23 | whitelist ~/.cache/mozilla/seamonkey | 20 | whitelist ~/.cache/mozilla/seamonkey |
24 | whitelist ~/dwhelper | 21 | whitelist ~/dwhelper |
diff --git a/etc/spotify.profile b/etc/spotify.profile index ca575970b..6bcb99e0f 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -10,14 +10,10 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | # Whitelist the folders needed by Spotify - This is more restrictive | 10 | # Whitelist the folders needed by Spotify - This is more restrictive |
11 | # than a blacklist though, but this is all spotify requires for | 11 | # than a blacklist though, but this is all spotify requires for |
12 | # streaming audio | 12 | # streaming audio |
13 | mkdir ${HOME}/.config | ||
14 | mkdir ${HOME}/.config/spotify | 13 | mkdir ${HOME}/.config/spotify |
15 | whitelist ${HOME}/.config/spotify | 14 | whitelist ${HOME}/.config/spotify |
16 | mkdir ${HOME}/.local | ||
17 | mkdir ${HOME}/.local/share | ||
18 | mkdir ${HOME}/.local/share/spotify | 15 | mkdir ${HOME}/.local/share/spotify |
19 | whitelist ${HOME}/.local/share/spotify | 16 | whitelist ${HOME}/.local/share/spotify |
20 | mkdir ${HOME}/.cache | ||
21 | mkdir ${HOME}/.cache/spotify | 17 | mkdir ${HOME}/.cache/spotify |
22 | whitelist ${HOME}/.cache/spotify | 18 | whitelist ${HOME}/.cache/spotify |
23 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index d0c1326b3..adefa75ff 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -9,7 +9,6 @@ include /etc/firejail/disable-programs.inc | |||
9 | # Whitelist | 9 | # Whitelist |
10 | mkdir ~/.stellarium | 10 | mkdir ~/.stellarium |
11 | whitelist ~/.stellarium | 11 | whitelist ~/.stellarium |
12 | mkdir ~/.config | ||
13 | mkdir ~/.config/stellarium | 12 | mkdir ~/.config/stellarium |
14 | whitelist ~/.config/stellarium | 13 | whitelist ~/.config/stellarium |
15 | 14 | ||
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 7882367b9..5db50da4d 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -11,7 +11,6 @@ mkdir ~/.thunderbird | |||
11 | whitelist ~/.thunderbird | 11 | whitelist ~/.thunderbird |
12 | 12 | ||
13 | noblacklist ~/.cache/thunderbird | 13 | noblacklist ~/.cache/thunderbird |
14 | mkdir ~/.cache | ||
15 | mkdir ~/.cache/thunderbird | 14 | mkdir ~/.cache/thunderbird |
16 | whitelist ~/.cache/thunderbird | 15 | whitelist ~/.cache/thunderbird |
17 | 16 | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 269f8f0fd..522b4bd1e 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -13,7 +13,6 @@ protocol unix,inet,inet6 | |||
13 | seccomp | 13 | seccomp |
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | mkdir ~/.config | ||
17 | mkdir ~/.config/uGet | 16 | mkdir ~/.config/uGet |
18 | whitelist ~/.config/uGet | 17 | whitelist ~/.config/uGet |
19 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 2049d2bd9..3c608dccb 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -9,10 +9,8 @@ netfilter | |||
9 | nonewprivs | 9 | nonewprivs |
10 | 10 | ||
11 | whitelist ${DOWNLOADS} | 11 | whitelist ${DOWNLOADS} |
12 | mkdir ~/.config | ||
13 | mkdir ~/.config/vivaldi | 12 | mkdir ~/.config/vivaldi |
14 | whitelist ~/.config/vivaldi | 13 | whitelist ~/.config/vivaldi |
15 | mkdir ~/.cache | ||
16 | mkdir ~/.cache/vivaldi | 14 | mkdir ~/.cache/vivaldi |
17 | whitelist ~/.cache/vivaldi | 15 | whitelist ~/.cache/vivaldi |
18 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index cd0c6406f..2ddb59d11 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -18,12 +18,8 @@ private-dev | |||
18 | 18 | ||
19 | whitelist /tmp/.X11-unix | 19 | whitelist /tmp/.X11-unix |
20 | 20 | ||
21 | mkdir ${HOME}/.local | ||
22 | mkdir ${HOME}/.local/share | ||
23 | mkdir ${HOME}/.local/share/wesnoth | 21 | mkdir ${HOME}/.local/share/wesnoth |
24 | mkdir ${HOME}/.config | ||
25 | mkdir ${HOME}/.config/wesnoth | 22 | mkdir ${HOME}/.config/wesnoth |
26 | mkdir ${HOME}/.cache | ||
27 | mkdir ${HOME}/.cache/wesnoth | 23 | mkdir ${HOME}/.cache/wesnoth |
28 | whitelist ${HOME}/.local/share/wesnoth | 24 | whitelist ${HOME}/.local/share/wesnoth |
29 | whitelist ${HOME}/.config/wesnoth | 25 | whitelist ${HOME}/.config/wesnoth |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index b3a1a1d30..2317133c5 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
@@ -24,6 +24,5 @@ whitelist ~/.config/gtk-3.0 | |||
24 | whitelist ~/.themes | 24 | whitelist ~/.themes |
25 | 25 | ||
26 | # dconf | 26 | # dconf |
27 | mkdir ~/.config | ||
28 | mkdir ~/.config/dconf | 27 | mkdir ~/.config/dconf |
29 | whitelist ~/.config/dconf | 28 | whitelist ~/.config/dconf |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 50bcc613b..5bc2df2cc 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -22,8 +22,38 @@ | |||
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | #include <grp.h> | 24 | #include <grp.h> |
25 | #include <sys/wait.h> | 25 | #include <sys/wait.h> |
26 | 26 | #include <string.h> | |
27 | |||
28 | static void mkdir_recursive(char *path) { | ||
29 | char *subdir = NULL; | ||
30 | struct stat s; | ||
31 | |||
32 | if (chdir("/")) { | ||
33 | fprintf(stderr, "Error: can't chdir to /"); | ||
34 | return; | ||
35 | } | ||
36 | |||
37 | subdir = strtok(path, "/"); | ||
38 | while(subdir) { | ||
39 | if (stat(subdir, &s) == -1) { | ||
40 | if (mkdir(subdir, 0700) == -1) { | ||
41 | fprintf(stderr, "Warning: cannot create %s directory\n", subdir); | ||
42 | return; | ||
43 | } | ||
44 | } else if (!S_ISDIR(s.st_mode)) { | ||
45 | fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir); | ||
46 | return; | ||
47 | } | ||
48 | if (chdir(subdir)) { | ||
49 | fprintf(stderr, "Error: can't chdir to %s", subdir); | ||
50 | return; | ||
51 | } | ||
52 | |||
53 | subdir = strtok(NULL, "/"); | ||
54 | } | ||
55 | } | ||
56 | |||
27 | void fs_mkdir(const char *name) { | 57 | void fs_mkdir(const char *name) { |
28 | EUID_ASSERT(); | 58 | EUID_ASSERT(); |
29 | 59 | ||
@@ -50,8 +80,7 @@ void fs_mkdir(const char *name) { | |||
50 | drop_privs(0); | 80 | drop_privs(0); |
51 | 81 | ||
52 | // create directory | 82 | // create directory |
53 | if (mkdir(expanded, 0700) == -1) | 83 | mkdir_recursive(expanded); |
54 | fprintf(stderr, "Warning: cannot create %s directory\n", expanded); | ||
55 | exit(0); | 84 | exit(0); |
56 | } | 85 | } |
57 | // wait for the child to finish | 86 | // wait for the child to finish |
@@ -101,4 +130,4 @@ void fs_mkfile(const char *name) { | |||
101 | 130 | ||
102 | doexit: | 131 | doexit: |
103 | free(expanded); | 132 | free(expanded); |
104 | } \ No newline at end of file | 133 | } |
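Review bot: mkdir_recursive resolves every path component by name with stat(), mkdir() and chdir() after chdir("/"), so a symlinked or `..` component is followed silently and a component can be swapped between the stat() and the chdir(). The call sits after drop_privs(0), which bounds the effect to what the user could already do, but whether `expanded` is guaranteed to stay under the home directory is decided outside these hunks, so the recursive walk should not rely on it. I would walk the path with directory descriptors (mkdirat/openat, creating first and tolerating EEXIST) as sketched below, which needs <fcntl.h> and <errno.h> added to the includes. The sketch keeps the existing warning texts; they name only the failing component and would be easier to act on with the full path, and the two "can't chdir" messages in the current version lack a trailing newline.

```c
static void mkdir_recursive(char *path) {
	// walk by directory descriptor instead of changing the process cwd
	int dirfd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (dirfd == -1) {
		fprintf(stderr, "Error: can't open /\n");
		return;
	}

	char *subdir = strtok(path, "/");
	while (subdir) {
		// refuse components that step back up the tree
		if (strcmp(subdir, "..") == 0) {
			fprintf(stderr, "Warning: refusing '..' in mkdir path\n");
			break;
		}
		// create first and tolerate EEXIST: no window between check and create
		if (mkdirat(dirfd, subdir, 0700) == -1 && errno != EEXIST) {
			fprintf(stderr, "Warning: cannot create %s directory\n", subdir);
			break;
		}
		// O_DIRECTORY fails on a non-directory; add O_NOFOLLOW if symlinked
		// components should be rejected rather than followed
		int next = openat(dirfd, subdir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
		if (next == -1) {
			fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir);
			break;
		}
		close(dirfd);
		dirfd = next;
		subdir = strtok(NULL, "/");
	}
	close(dirfd);
}
```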
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 504842a9e..7e33a6b45 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -136,7 +136,7 @@ The directory is created if it doesn't already exist. | |||
136 | .br | 136 | .br |
137 | Use this command for whitelisted directories you need to preserve | 137 | Use this command for whitelisted directories you need to preserve |
138 | when the sandbox is closed. Without it, the application will create the directory, and the directory | 138 | when the sandbox is closed. Without it, the application will create the directory, and the directory |
139 | will be deleted when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from | 139 | will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from |
140 | firefox profile: | 140 | firefox profile: |
141 | .br | 141 | .br |
142 | 142 | ||
@@ -145,17 +145,13 @@ mkdir ~/.mozilla | |||
145 | .br | 145 | .br |
146 | whitelist ~/.mozilla | 146 | whitelist ~/.mozilla |
147 | .br | 147 | .br |
148 | mkdir ~/.cache | ||
149 | .br | ||
150 | mkdir ~/.cache/mozilla | ||
151 | .br | ||
152 | mkdir ~/.cache/mozilla/firefox | 148 | mkdir ~/.cache/mozilla/firefox |
153 | .br | 149 | .br |
154 | whitelist ~/.cache/mozilla/firefox | 150 | whitelist ~/.cache/mozilla/firefox |
155 | .TP | 151 | .TP |
156 | \fBmkfile file | 152 | \fBmkfile file |
157 | Similar to mkdir, this command creates a file in user home before the sandbox is started. | 153 | Similar to mkdir, this command creates a file in user home before the sandbox is started. |
158 | The file is created if it doesn't already exist. | 154 | The file is created if it doesn't already exist, but it's target directory has to exist. |
159 | .TP | 155 | .TP |
160 | \fBnoexec file_or_directory | 156 | \fBnoexec file_or_directory |
161 | Remount the file or the directory noexec, nodev and nosuid. | 157 | Remount the file or the directory noexec, nodev and nosuid. |
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 08888020c..00e6e29c2 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh | |||
@@ -51,5 +51,6 @@ echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" | |||
51 | echo "TESTING: bind as user (test/fs/option_bind_user.exp)" | 51 | echo "TESTING: bind as user (test/fs/option_bind_user.exp)" |
52 | ./option_bind_user.exp | 52 | ./option_bind_user.exp |
53 | 53 | ||
54 | 54 | echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" | |
55 | ./mkdir.exp | ||
55 | 56 | ||
diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp new file mode 100755 index 000000000..111db06db --- /dev/null +++ b/test/fs/mkdir.exp | |||
@@ -0,0 +1,20 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 3 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
13 | "Warning: cannot create" { puts "TESTING ERROR 1.2\n";exit} | ||
14 | "No such file or directory" { puts "TESTING ERROR 1.3\n";exit} | ||
15 | ".firejail_test/a/b/c/d.txt" | ||
16 | } | ||
17 | send -- "rm -rf ~/.firejail_test\r" | ||
18 | after 100 | ||
19 | |||
20 | puts "\nall done\n" | ||
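Review bot: The test never clears ~/.firejail_test before starting firejail, so a tree left behind by an earlier or aborted run lets the `.firejail_test/a/b/c/d.txt` match succeed without the recursive mkdir creating anything. I would send `rm -rf ~/.firejail_test\r` ahead of the firejail line as well as after it. The error branches call a bare `exit`, which ends the script with status 0, so a harness that looks at exit codes rather than the "TESTING ERROR" text would not see a failure; `exit 1` in those branches would cover both. The final cleanup is followed only by `after 100`, so the script may end before the rm has run.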
diff --git a/test/fs/mkdir.profile b/test/fs/mkdir.profile new file mode 100644 index 000000000..61b44c9ac --- /dev/null +++ b/test/fs/mkdir.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | mkdir ~/.firejail_test/a/b/c | ||
2 | mkfile ~/.firejail_test/a/b/c/d.txt | ||