63 files changed, 87 insertions, 87 deletions
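--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -24,6 +24,7 @@ whitelist ${HOME}/.cache/0ad
 whitelist ${HOME}/.config/0ad
 whitelist ${HOME}/.local/share/0ad
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter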
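--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -39,6 +39,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none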
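--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -31,6 +31,7 @@ nonewprivs
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none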
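--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -30,6 +30,7 @@ nodbus
 nonewprivs
 noroot
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none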
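--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -32,5 +32,3 @@ shell none
 private-bin baobab
 private-dev
 private-tmp
-
-#memory-deny-write-execute - breaks on Arch (see issue #1803)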
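--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -41,5 +41,3 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0,machine-id
 private-lib
 private-tmp
-
-# memory-deny-write-execute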
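--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -41,6 +41,6 @@ private-dev
 private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch (see issue 1803)
+#memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}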
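--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,4 +1,5 @@
 # Firejail profile for dino
+# Description: Modern XMPP Chat Client using GTK+/Vala
 # This file is overwritten after every install/update
 # Persistent local customizations
 include dino.local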
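--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -299,11 +299,14 @@ blacklist ${HOME}/*.kdbx
 blacklist ${HOME}/*.key
 blacklist ${HOME}/.Private
 blacklist ${HOME}/.caff
+blacklist ${HOME}/.cargo/credentials
 blacklist ${HOME}/.cert
 blacklist ${HOME}/.config/keybase
 blacklist ${HOME}/.davfs2/secrets
 blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.fetchmailrc
+blacklist ${HOME}/.git-credential-cache
+blacklist ${HOME}/.git-credentials
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/.gnupg
 blacklist ${HOME}/.config/hub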
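Review bot: The new `blacklist ${HOME}/.cargo/credentials` entry covers only the legacy file name; newer cargo releases also keep registry tokens in `credentials.toml`, which this line does not match. Consider adding `blacklist ${HOME}/.cargo/credentials.toml` directly below it. Moving `.git-credentials` and `.git-credential-cache` here from disable-programs.inc also means every profile that includes disable-common.inc now hides them, so profiles that legitimately need stored git credentials (not visible in this diff) should be checked for a matching `noblacklist`.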
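--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -29,9 +29,9 @@ blacklist ${HOME}/.Steam
 blacklist ${HOME}/.Steampath
 blacklist ${HOME}/.Steampid
 blacklist ${HOME}/.TelegramDesktop
+blacklist ${HOME}/.VSCodium
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
-blacklist ${HOME}/.VSCodium
 blacklist ${HOME}/.WebStorm*
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.ZAP
@@ -97,9 +97,9 @@ blacklist ${HOME}/.config/MusicBrainz
 blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PBE
-blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QGIS
 blacklist ${HOME}/.config/QMediathekView
+blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Rambox
@@ -182,10 +182,11 @@ blacklist ${HOME}/.config/ghb
 blacklist ${HOME}/.config/ghostwriter
 blacklist ${HOME}/.config/git
 blacklist ${HOME}/.config/globaltime
+blacklist ${HOME}/.config/gnome-builder
 blacklist ${HOME}/.config/gnome-mplayer
 blacklist ${HOME}/.config/gnome-mpv
-blacklist ${HOME}/.config/godot
 blacklist ${HOME}/.config/gnome-pie
+blacklist ${HOME}/.config/godot
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
@@ -235,8 +236,8 @@ blacklist ${HOME}/.config/meteo-qt
 blacklist ${HOME}/.config/mfusion
 blacklist ${HOME}/.config/midori
 blacklist ${HOME}/.config/mono
-blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mpDris2
+blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mps-youtube
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
@@ -257,8 +258,8 @@ blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
-blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pavucontrol-qt
+blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
@@ -356,8 +357,6 @@ blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
-blacklist ${HOME}/.git-credentials
-blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth/Cache/
@@ -417,13 +416,13 @@ blacklist ${HOME}/.kde4/share/apps/kaffeine
 blacklist ${HOME}/.kde4/share/apps/kcookiejar
 blacklist ${HOME}/.kde4/share/apps/kget
 blacklist ${HOME}/.kde4/share/apps/khtml
-blacklist ${HOME}/.kde4/share/apps/konqueror
 blacklist ${HOME}/.kde4/share/apps/konqsidebartng
+blacklist ${HOME}/.kde4/share/apps/konqueror
 blacklist ${HOME}/.kde4/share/apps/kopete
 blacklist ${HOME}/.kde4/share/apps/ktorrent
 blacklist ${HOME}/.kde4/share/apps/okular
-blacklist ${HOME}/.kde4/share/config/baloorc
 blacklist ${HOME}/.kde4/share/config/baloofilerc
+blacklist ${HOME}/.kde4/share/config/baloorc
 blacklist ${HOME}/.kde4/share/config/digikam
 blacklist ${HOME}/.kde4/share/config/gwenviewrc
 blacklist ${HOME}/.kde4/share/config/k3brc
@@ -446,9 +445,9 @@ blacklist ${HOME}/.kinorc
 blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lincity-ng
+blacklist ${HOME}/.links
 blacklist ${HOME}/.linphone-history.db
 blacklist ${HOME}/.linphonerc
-blacklist ${HOME}/.links
 blacklist ${HOME}/.lmmsrc.xml
 blacklist ${HOME}/.local/lib/vivaldi
 blacklist ${HOME}/.local/share/0ad
@@ -502,6 +501,7 @@ blacklist ${HOME}/.local/share/geeqie
 blacklist ${HOME}/.local/share/gitg
 blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/gnome-builder
 blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-recipes
@@ -637,9 +637,7 @@ blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tilp
 blacklist ${HOME}/.tooling
-blacklist ${HOME}/.tor-browser
-blacklist ${HOME}/.tor-browser-*
-blacklist ${HOME}/.tor-browser_*
+blacklist ${HOME}/.tor-browser*
 blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
@@ -718,6 +716,7 @@ blacklist ${HOME}/.cache/godot
 blacklist ${HOME}/.cache/google-chrome
 blacklist ${HOME}/.cache/google-chrome-beta
 blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/gnome-builder
 blacklist ${HOME}/.cache/gnome-recipes
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/gradio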
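Review bot: In the hunk at old line 637, the single `blacklist ${HOME}/.tor-browser*` is wider than the three entries it replaces, because it matches any name that merely starts with `.tor-browser`, not only `.tor-browser`, `.tor-browser-*` and `.tor-browser_*`. That is the safe direction for a blacklist, but the profiles that lift it with `noblacklist` are not part of this section and should be checked to confirm they still cover every directory the Tor Browser variants use. A short comment above the line, e.g. `# covers .tor-browser, .tor-browser-* and .tor-browser_*`, would record the intent. Separately, the new `.local/share/gnome-builder` line is placed after `gnome-chess`, which is out of order in a commit that otherwise sorts these lists.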
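--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -26,5 +26,6 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp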
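--- a/etc/eo-common.profile
+++ b/etc/eo-common.profile
@@ -43,5 +43,3 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0
 private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
-
-#memory-deny-write-execute - breaks on Arch (see issue #1803)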
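--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -1,4 +1,5 @@
 # Firejail profile for etr
+# Description: High speed arctic racing game
 # This file is overwritten after every install/update
 # Persistent local customizations
 include etr.local
@@ -29,6 +30,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none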
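--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@@ -38,5 +38,6 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res
 # tracelog
 
 private-dev
+# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
 # private-tmp - interferes with the opening of downloaded files
 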
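--- a/etc/feedreader.profile
+++ b/etc/feedreader.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader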
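--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -37,5 +37,3 @@ tracelog
 # private-bin file-roller
 private-dev
 # private-tmp
-
-# memory-deny-write-execute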
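--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -17,7 +17,7 @@ whitelist ${HOME}/.mozilla
 # firefox requires a shell to launch on Arch.
 #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
 # Fedora use shell scripts to launch firefox, at least this is required
-#private-bin awk,basename,bash,cat,dirname,env,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname,which
+#private-bin awk,basename,bash,cat,dbus-launch,dbus-send,dirname,env,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname,which
 # private-etc must first be enabled in firefox-common.profile
 #private-etc firefox
 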
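--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none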
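--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -35,8 +35,7 @@ protocol unix,inet,inet6,netlink
 shell none
 #tracelog -- breaks
 
-# Breaks Translation
-#private-bin ghostwriter,pandoc
+private-bin ghostwriter,pandoc,gettext
 private-cache
 private-dev
 # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed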
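Review bot: `private-bin ghostwriter,pandoc,gettext` is now enabled, but the `# Breaks Translation` comment that explained why it was disabled is dropped without recording what changed. Presumably `gettext` is the binary translation needs; if so, say it in a comment such as `# gettext is needed for translations`, so a later cleanup does not trim the list and break translation again. The list would also be easier to audit sorted, `private-bin gettext,ghostwriter,pandoc`. The profile continues outside this hunk.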
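--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can comment 'ignore noexec' statement below
-# or put 'ignore ignore noexec ${HOME}' in your gimp.local
+# or put 'noexec ${HOME}' in your gimp.local
 ignore noexec ${HOME}
 
 noblacklist ${HOME}/.config/GIMP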
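--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -22,6 +22,7 @@ include disable-programs.inc
 include whitelist-var-common.inc
 
 caps.drop all
+netfilter
 no3d
 nodvd
 nogroups
@@ -39,6 +40,3 @@ private-bin git,gitg,ssh
 private-cache
 private-dev
 private-tmp
-
-# mdwe breaks diff in older versions
-#memory-deny-write-execute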
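--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -6,6 +6,10 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
+
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 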
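--- a/etc/gnome-character-map.profile
+++ b/etc/gnome-character-map.profile
@@ -6,4 +6,5 @@ include gnome-character-map.local
 # added by included profile
 #include globals.local
 
+# Redirect
 include gucharmap.profile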
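--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -28,6 +28,7 @@ noroot
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none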
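--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -35,14 +35,6 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
 whitelist ${HOME}/.gnome/gnome-schedule
-whitelist /etc/at.allow
-whitelist /etc/at.deny
-whitelist /etc/cron.allow
-whitelist /etc/cron.deny
-whitelist /etc/fonts
-whitelist /etc/pam.d
-whitelist /etc/ld.so.preload
-whitelist /etc/shadow
 whitelist /var/spool/atd
 whitelist /var/spool/cron
 include whitelist-common.inc
@@ -66,5 +58,6 @@ tracelog
 disable-mnt
 private-cache
 private-dev
+private-etc at.allow,at.deny,cron.allow,cron.deny,fonts,pam.d,ld.so.preload,shadow
 writable-var
 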
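Review bot: The new `private-etc` line keeps `shadow`, `pam.d` and `ld.so.preload` inside the sandbox with no comment saying why a scheduler front end needs them; `shadow` in particular should be justified in a comment or dropped after testing. If the entries are required, a line above such as `# pam.d and shadow are needed by crontab/at` (to be confirmed, the reason is not visible here) would stop them being copied into other profiles by habit. The list is also unsorted; `private-etc at.allow,at.deny,cron.allow,cron.deny,fonts,ld.so.preload,pam.d,shadow` matches the ordering used elsewhere. Unlike the removed `whitelist /etc/...` lines, `private-etc` hides everything else in /etc, so it is worth confirming nothing the program reads from there is now missing.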
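--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 seccomp
 tracelog
 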
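--- a/etc/less.profile
+++ b/etc/less.profile
@@ -8,8 +8,6 @@ include less.local
 include globals.local
 
 noblacklist ${HOME}/.lesshst
-read-only ${HOME}
-read-write ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc
@@ -45,3 +43,5 @@ private-dev
 writable-var-log
 
 memory-deny-write-execute
+read-only ${HOME}
+read-write ${HOME}/.lesshst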
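--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 # comment the protocol line when using the ubuntu 18.04/debian 10 apparmor profile
 protocol unix,inet,inet6
 # comment seccomp when using the ubuntu 18.04/debian 10 apparmor profile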
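--- a/etc/mencoder.profile
+++ b/etc/mencoder.profile
@@ -25,4 +25,5 @@ shell none
 
 private-bin mencoder
 
+# Redirect
 include mplayer.profile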
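--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -26,6 +26,7 @@ noroot
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none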
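--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -48,15 +48,21 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+nodbus
+nodvd
 # Seems to cause issues with Nvidia drivers sometimes
 nogroups
 nonewprivs
 noroot
+notv
+nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
+#private-cache
 private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl
 private-dev
 private-tmp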
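Review bot: `#private-cache` is added commented out with no reason given, so a reader cannot tell whether it breaks mpsyt or was simply never tested. Either enable it or record the reason in the style the other profiles use, e.g. `#private-cache - <reason it breaks>` (placeholder; the actual reason is not visible here). It would also normally sort after `private-bin` rather than before it.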
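--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none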
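--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -1,4 +1,5 @@
 # Firejail profile for pdftotext
+# Description: Portable Document Format (PDF) to text converter
 # This file is overwritten after every install/update
 # Persistent local customizations
 include pdftotext.local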
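--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -1,4 +1,5 @@
 # Firejail profile for ping
+# Description: send ICMP ECHO_REQUEST to network hosts
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations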
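--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none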
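--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,4 +1,5 @@
 # Firejail profile for qemu-system-x86_64
+# Description: QEMU system emulator for x86_64
 # This file is overwritten after every install/update
 # Persistent local customizations
 include qemu-system-x86_64.local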
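--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -3,7 +3,8 @@
 # Persistent local customizations
 include qupzilla.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
 
 noblacklist ${HOME}/.cache/qupzilla
 noblacklist ${HOME}/.config/qupzilla
@@ -17,26 +18,10 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/qupzilla
 mkdir ${HOME}/.config/qupzilla
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/qupzilla
 whitelist ${HOME}/.config/qupzilla
-include whitelist-common.inc
-include whitelist-var-common.inc
 
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-protocol unix,inet,inet6,netlink
-# blacklisting of chroot system calls breaks qupzilla
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
-# tracelog
-
-private-dev
-# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
 # private-tmp - interferes with the opening of downloaded files
 
+# Redirect
+include falkon.profile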
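Review bot: After the second hunk qupzilla.profile sets none of its own hardening options; `caps.drop all`, `nonewprivs`, `noroot`, the `seccomp.drop` list and `private-dev` now come only from `include falkon.profile`, so any later loosening of falkon.profile silently applies to qupzilla as well. A comment on the redirect, e.g. `# Redirect - all security options are inherited from falkon.profile`, would make that dependency explicit. The leftover `# private-tmp - interferes with the opening of downloaded files` line no longer documents anything in this file and repeats the same comment in falkon.profile, so it can go. `whitelist ${DOWNLOADS}` is also removed here and falkon.profile's whitelist section is outside the visible hunks, so confirm the download directory is still whitelisted there.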
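--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -1,4 +1,5 @@
 # Firejail profile for shotcut
+# Description: A free, open source, cross-platform video editor
 # This file is overwritten after every install/update
 # Persistent local customizations
 include shotcut.local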
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 7febcde46..c6f5f70b0 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -27,6 +27,7 @@ nonewprivs | |||
27 | noroot | 27 | noroot |
28 | notv | 28 | notv |
29 | nou2f | 29 | nou2f |
30 | novideo | ||
30 | protocol unix | 31 | protocol unix |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 9cba69a77..d423bb65c 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -42,4 +42,4 @@ private-dev | |||
42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl | 42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | #memory-deny-write-execute - breaks on Arch | 45 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 15e2de9b0..9934e92b0 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -24,6 +24,7 @@ nodvd | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | 26 | notv |
27 | novideo | ||
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
29 | shell none | 30 | shell none |
diff --git a/etc/ssh.profile b/etc/ssh.profile index 7a9bb5abe..6949299af 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -30,6 +30,7 @@ nonewprivs | |||
30 | nosound | 30 | nosound |
31 | notv | 31 | notv |
32 | nou2f | 32 | nou2f |
33 | novideo | ||
33 | protocol unix,inet,inet6 | 34 | protocol unix,inet,inet6 |
34 | seccomp | 35 | seccomp |
35 | shell none | 36 | shell none |
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile index 9c3175ad7..2f73c9fee 100644 --- a/etc/start-tor-browser.desktop.profile +++ b/etc/start-tor-browser.desktop.profile | |||
@@ -6,8 +6,7 @@ include start-tor-browser.desktop.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-* | 9 | noblacklist ${HOME}/.tor-browser* |
10 | noblacklist ${HOME}/.tor-browser_* | ||
11 | 10 | ||
12 | whitelist ${HOME}/.tor-browser-ar | 11 | whitelist ${HOME}/.tor-browser-ar |
13 | whitelist ${HOME}/.tor-browser-ca | 12 | whitelist ${HOME}/.tor-browser-ca |
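Review bot: The merged pattern `noblacklist ${HOME}/.tor-browser*` is wider than the two lines it replaces. It also matches `${HOME}/.tor-browser` itself and any other entry with that prefix, not only the `-` and `_` variants. The per-locale `whitelist` lines that follow probably keep the effective exposure narrow, but that depends on the rest of the profile, which continues outside this hunk. I would record the intent next to the glob, e.g. `# matches .tor-browser-<locale> and .tor-browser_<locale>; any other .tor-browser* entry is un-blacklisted too`.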
diff --git a/etc/strings.profile b/etc/strings.profile index 9e681537c..0817d7331 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -1,4 +1,5 @@ | |||
1 | # Firejail profile for strings | 1 | # Firejail profile for strings |
2 | # Description: print the strings of printable characters in files | ||
2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
3 | quiet | 4 | quiet |
4 | # Persistent local customizations | 5 | # Persistent local customizations |
diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile index d0176a657..6de408740 100644 --- a/etc/subdownloader.profile +++ b/etc/subdownloader.profile | |||
@@ -31,6 +31,7 @@ nonewprivs | |||
31 | noroot | 31 | noroot |
32 | notv | 32 | notv |
33 | nou2f | 33 | nou2f |
34 | novideo | ||
34 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
35 | seccomp | 36 | seccomp |
36 | shell none | 37 | shell none |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 287a078b3..4c64ee766 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -1,4 +1,5 @@ | |||
1 | # Firejail profile for supertux2 | 1 | # Firejail profile for supertux2 |
2 | # Description: Jump'n run like game | ||
2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 4 | # Persistent local customizations |
4 | include supertux2.local | 5 | include supertux2.local |
@@ -27,6 +28,7 @@ nonewprivs | |||
27 | noroot | 28 | noroot |
28 | notv | 29 | notv |
29 | nou2f | 30 | nou2f |
31 | novideo | ||
30 | protocol unix,netlink | 32 | protocol unix,netlink |
31 | seccomp | 33 | seccomp |
32 | shell none | 34 | shell none |
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 2cd5ec3ad..8a48eeac8 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin supertuxkart | 47 | private-bin supertuxkart |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,selinux,ssl,system-fips,xdg | 50 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl |
51 | private-tmp | 51 | private-tmp |
52 | private-opt none | 52 | private-opt none |
53 | private-srv none | 53 | private-srv none |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 00b2fa122..486be5fe6 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-cli.local | 6 | include transmission-cli.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-cli | 10 | private-bin transmission-cli |
12 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | 11 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl |
diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile index e786fa8a3..1b1fc4af7 100644 --- a/etc/transmission-common.profile +++ b/etc/transmission-common.profile | |||
@@ -1,11 +1,8 @@ | |||
1 | # Firejail profile for transmission-common | 1 | # Firejail profile for transmission-common |
2 | # Description: Fast, easy and free BitTorrent client | 2 | # Description: Fast, easy and free BitTorrent client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
5 | # Persistent local customizations | 4 | # Persistent local customizations |
6 | include transmission-gtk.local | 5 | include transmission-common.local |
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | 6 | ||
10 | noblacklist ${HOME}/.cache/transmission | 7 | noblacklist ${HOME}/.cache/transmission |
11 | noblacklist ${HOME}/.config/transmission | 8 | noblacklist ${HOME}/.config/transmission |
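Review bot: Changing the local include from `transmission-gtk.local` to `transmission-common.local` can silently drop user hardening. Anyone who kept restrictions in transmission-gtk.local and relied on them reaching every front-end through this shared profile loses them for the non-gtk front-ends after the update, with no warning. transmission-gtk.profile still includes its own .local, so only the other front-ends are affected. Dropping `include globals.local` here is safe only if every profile that redirects to this file includes it first; the transmission-* sections visible in this commit do, but any other redirecting profile should be checked. I would add a comment above the include such as `# shared overrides for all transmission front-ends (previously read from transmission-gtk.local)`, and mention the move in the release notes.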
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile index 7c09878bc..8220b7887 100644 --- a/etc/transmission-create.profile +++ b/etc/transmission-create.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-create.local | 6 | include transmission-create.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-create | 10 | private-bin transmission-create |
12 | 11 | ||
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile index ca97bb4dc..f1e7fcb17 100644 --- a/etc/transmission-daemon.profile +++ b/etc/transmission-daemon.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-daemon.local | 6 | include transmission-daemon.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | whitelist /var/lib/transmission | 10 | whitelist /var/lib/transmission |
12 | 11 | ||
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile index 487ea8e51..df381b5cd 100644 --- a/etc/transmission-edit.profile +++ b/etc/transmission-edit.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-edit.local | 6 | include transmission-edit.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-edit | 10 | private-bin transmission-edit |
12 | 11 | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index a45d672ac..01bdeb4ef 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-gtk.local | 6 | include transmission-gtk.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-gtk | 10 | private-bin transmission-gtk |
12 | 11 | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index f207a7e90..94f3c3a20 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-qt.local | 6 | include transmission-qt.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-qt | 10 | private-bin transmission-qt |
12 | 11 | ||
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile index d69e70ece..8b3a966c1 100644 --- a/etc/transmission-remote-cli.profile +++ b/etc/transmission-remote-cli.profile | |||
@@ -5,15 +5,13 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-remote-cli.local | 6 | include transmission-remote-cli.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 11 | include allow-python2.inc |
13 | include allow-python3.inc | 12 | include allow-python3.inc |
14 | 13 | ||
15 | private-bin python*,transmission-remote-cli | 14 | private-bin python*,transmission-remote-cli |
16 | private-etc | ||
17 | 15 | ||
18 | # Redirect | 16 | # Redirect |
19 | include transmission-common.profile | 17 | include transmission-common.profile |
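Review bot: Removing the bare `private-etc` line leaves this profile with no /etc restriction of its own. Whether one still applies depends on transmission-common.profile, whose body is not visible in this commit. The sibling profiles transmission-remote and transmission-show keep `private-etc alternatives,hosts,nsswitch.conf`. If the argument-less form was removed because it was invalid or too strict, consider replacing it rather than deleting it, e.g. `private-etc alternatives,hosts,nsswitch.conf`. The Python-based client may need a few more entries, so the list should be tested before it is committed.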
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile index f0b313aed..a6400e2c0 100644 --- a/etc/transmission-remote-gtk.profile +++ b/etc/transmission-remote-gtk.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-remote-gtk.local | 6 | include transmission-remote-gtk.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | noblacklist ${HOME}/.config/transmission-remote-gtk | 10 | noblacklist ${HOME}/.config/transmission-remote-gtk |
12 | 11 | ||
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile index 9ef7119d9..fee4999e6 100644 --- a/etc/transmission-remote.profile +++ b/etc/transmission-remote.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-remote.local | 6 | include transmission-remote.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-remote | 10 | private-bin transmission-remote |
12 | private-etc alternatives,hosts,nsswitch.conf | 11 | private-etc alternatives,hosts,nsswitch.conf |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 89051f956..5a3c83f58 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -5,8 +5,7 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-show.local | 6 | include transmission-show.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | private-bin transmission-show | 10 | private-bin transmission-show |
12 | private-etc alternatives,hosts,nsswitch.conf | 11 | private-etc alternatives,hosts,nsswitch.conf |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index b62d3111d..7223ea2e1 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -23,6 +23,7 @@ nonewprivs | |||
23 | noroot | 23 | noroot |
24 | notv | 24 | notv |
25 | nou2f | 25 | nou2f |
26 | novideo | ||
26 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 85cbc5e43..e65e0a0c3 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -30,6 +30,7 @@ nonewprivs | |||
30 | noroot | 30 | noroot |
31 | notv | 31 | notv |
32 | nou2f | 32 | nou2f |
33 | novideo | ||
33 | protocol unix,inet,inet6,netlink | 34 | protocol unix,inet,inet6,netlink |
34 | seccomp | 35 | seccomp |
35 | shell none | 36 | shell none |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index a67d3a1b8..934edfce9 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -30,6 +30,7 @@ nonewprivs | |||
30 | noroot | 30 | noroot |
31 | notv | 31 | notv |
32 | nou2f | 32 | nou2f |
33 | novideo | ||
33 | protocol unix,inet,inet6 | 34 | protocol unix,inet,inet6 |
34 | seccomp | 35 | seccomp |
35 | 36 | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 6fc519bee..d87d29ee8 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -19,6 +19,8 @@ noblacklist ${VIDEOS} | |||
19 | include allow-python2.inc | 19 | include allow-python2.inc |
20 | include allow-python3.inc | 20 | include allow-python3.inc |
21 | 21 | ||
22 | blacklist /tmp/.X11-unix | ||
23 | |||
22 | include disable-common.inc | 24 | include disable-common.inc |
23 | include disable-devel.inc | 25 | include disable-devel.inc |
24 | include disable-exec.inc | 26 | include disable-exec.inc |
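Review bot: The added `blacklist /tmp/.X11-unix` has no comment explaining why it is there or what it does not cover. It hides the filesystem socket directory, but an X server that also listens on the abstract socket stays reachable unless the sandbox has its own network namespace. This profile presumably cannot use one, since the tool needs network access. I would document that next to the rule, e.g. `# CLI tool, no X11 needed; this blocks only the filesystem socket, not the abstract @/tmp/.X11-unix/X<n> socket`.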
diff --git a/etc/zathura.profile b/etc/zathura.profile index 922284353..db03076be 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -28,6 +28,7 @@ noroot | |||
28 | nosound | 28 | nosound |
29 | notv | 29 | notv |
30 | nou2f | 30 | nou2f |
31 | novideo | ||
31 | protocol unix | 32 | protocol unix |
32 | seccomp | 33 | seccomp |
33 | shell none | 34 | shell none |