diff options
-rw-r--r-- | etc/akregator.profile | 7 | ||||
-rw-r--r-- | etc/darktable.profile | 1 | ||||
-rw-r--r-- | etc/dia.profile | 1 | ||||
-rw-r--r-- | etc/hugin.profile | 1 | ||||
-rw-r--r-- | etc/inkscape.profile | 1 | ||||
-rw-r--r-- | etc/luminance-hdr.profile | 1 | ||||
-rw-r--r-- | etc/pidgin.profile | 3 | ||||
-rw-r--r-- | etc/scribus.profile | 1 | ||||
-rw-r--r-- | etc/skype.profile | 1 | ||||
-rw-r--r-- | etc/synfigstudio.profile | 1 |
10 files changed, 18 insertions, 0 deletions
diff --git a/etc/akregator.profile b/etc/akregator.profile index 12bb06fb5..55434e45b 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -13,6 +13,12 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkfile ${HOME}/.config/akregatorrc | ||
17 | mkdir ${HOME}/.local/share/akregator | ||
18 | whitelist ${HOME}/.config/akregatorrc | ||
19 | whitelist ${HOME}/.local/share/akregator | ||
20 | include /etc/firejail/whitelist-common.inc | ||
21 | |||
16 | caps.drop all | 22 | caps.drop all |
17 | netfilter | 23 | netfilter |
18 | no3d | 24 | no3d |
@@ -27,6 +33,7 @@ seccomp | |||
27 | shell none | 33 | shell none |
28 | 34 | ||
29 | disable-mnt | 35 | disable-mnt |
36 | private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper | ||
30 | private-dev | 37 | private-dev |
31 | private-tmp | 38 | private-tmp |
32 | 39 | ||
diff --git a/etc/darktable.profile b/etc/darktable.profile index e04163486..c2dc0b42c 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -26,6 +26,7 @@ protocol unix,inet,inet6 | |||
26 | seccomp | 26 | seccomp |
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | #private-bin darktable | ||
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||
diff --git a/etc/dia.profile b/etc/dia.profile index a625ab36d..abe83ac8c 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -27,6 +27,7 @@ seccomp | |||
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | disable-mnt | 29 | disable-mnt |
30 | #private-bin dia | ||
30 | private-dev | 31 | private-dev |
31 | private-tmp | 32 | private-tmp |
32 | 33 | ||
diff --git a/etc/hugin.profile b/etc/hugin.profile index d3cd181b1..ff88e0d5c 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend | ||
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 3266d8230..c062ab8ef 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -27,6 +27,7 @@ protocol unix | |||
27 | seccomp | 27 | seccomp |
28 | shell none | 28 | shell none |
29 | 29 | ||
30 | #private-bin inkscape | ||
30 | private-dev | 31 | private-dev |
31 | private-tmp | 32 | private-tmp |
32 | 33 | ||
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index bd32e0c70..ec2a65290 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -26,6 +26,7 @@ seccomp | |||
26 | shell none | 26 | shell none |
27 | tracelog | 27 | tracelog |
28 | 28 | ||
29 | #private-bin luminance-hdr,luminance-hdr-cli,align_image_stack | ||
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index dd610920a..d195cf586 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -27,3 +27,6 @@ tracelog | |||
27 | private-bin pidgin | 27 | private-bin pidgin |
28 | private-dev | 28 | private-dev |
29 | private-tmp | 29 | private-tmp |
30 | |||
31 | noexec ${HOME} | ||
32 | noexec /tmp | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile index e4c88be49..dd06fa59f 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -38,5 +38,6 @@ protocol unix | |||
38 | seccomp | 38 | seccomp |
39 | tracelog | 39 | tracelog |
40 | 40 | ||
41 | #private-bin scribus,gs | ||
41 | private-dev | 42 | private-dev |
42 | # private-tmp | 43 | # private-tmp |
diff --git a/etc/skype.profile b/etc/skype.profile index f3e504a3f..b12f9879e 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -24,6 +24,7 @@ seccomp | |||
24 | shell none | 24 | shell none |
25 | 25 | ||
26 | disable-mnt | 26 | disable-mnt |
27 | #private-bin skype,bash | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | 30 | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 08ece1e9b..b0014ace6 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -26,6 +26,7 @@ protocol unix | |||
26 | seccomp | 26 | seccomp |
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | #private-bin synfigstudio | ||
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||