diff options
619 files changed, 3626 insertions, 3475 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 34e50f330..674fb2c6a 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Real-time strategy game of ancient warfare | 2 | # Description: Real-time strategy game of ancient warfare |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/0ad.local | 5 | include 0ad.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/0ad | 9 | noblacklist ${HOME}/.cache/0ad |
10 | noblacklist ${HOME}/.config/0ad | 10 | noblacklist ${HOME}/.config/0ad |
11 | noblacklist ${HOME}/.local/share/0ad | 11 | noblacklist ${HOME}/.local/share/0ad |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/0ad | 19 | mkdir ${HOME}/.cache/0ad |
20 | mkdir ${HOME}/.config/0ad | 20 | mkdir ${HOME}/.config/0ad |
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad | |||
22 | whitelist ${HOME}/.cache/0ad | 22 | whitelist ${HOME}/.cache/0ad |
23 | whitelist ${HOME}/.config/0ad | 23 | whitelist ${HOME}/.config/0ad |
24 | whitelist ${HOME}/.local/share/0ad | 24 | whitelist ${HOME}/.local/share/0ad |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index fe6bc5ca8..10f354f19 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Mathematics based puzzle game | 2 | # Description: Mathematics based puzzle game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/2048-qt.local | 5 | include 2048-qt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/2048-qt | 9 | noblacklist ${HOME}/.config/2048-qt |
10 | noblacklist ${HOME}/.config/xiaoyong | 10 | noblacklist ${HOME}/.config/xiaoyong |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/2048-qt | 18 | mkdir ${HOME}/.config/2048-qt |
19 | mkdir ${HOME}/.config/xiaoyong | 19 | mkdir ${HOME}/.config/xiaoyong |
20 | whitelist ${HOME}/.config/2048-qt | 20 | whitelist ${HOME}/.config/2048-qt |
21 | whitelist ${HOME}/.config/xiaoyong | 21 | whitelist ${HOME}/.config/xiaoyong |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/7z.profile b/etc/7z.profile index 22f4af4b2..363e301e2 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/7z.local | 5 | include 7z.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included default.profile | 7 | # added by included default.profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
@@ -23,4 +23,4 @@ tracelog | |||
23 | 23 | ||
24 | private-dev | 24 | private-dev |
25 | 25 | ||
26 | include /etc/firejail/default.profile | 26 | include default.profile |
diff --git a/etc/7za.profile b/etc/7za.profile index e035bf4f5..28e483a8c 100644 --- a/etc/7za.profile +++ b/etc/7za.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for 7za | 1 | # Firejail profile for 7za |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/7za.local | 4 | include 7za.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # added by included profile | 6 | # added by included profile |
7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/7z.profile | 10 | include 7z.profile |
diff --git a/etc/7zr.profile b/etc/7zr.profile index e48c5494e..1b85badbc 100644 --- a/etc/7zr.profile +++ b/etc/7zr.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for 7zr | 1 | # Firejail profile for 7zr |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/7zr.local | 4 | include 7zr.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # added by included profile | 6 | # added by included profile |
7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/7z.profile | 10 | include 7z.profile |
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index 56b9d7f38..e9cc07bd7 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for Cryptocat | 1 | # Firejail profile for Cryptocat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/Cryptocat.local | 4 | include Cryptocat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Cryptocat | 8 | noblacklist ${HOME}/.config/Cryptocat |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile index 202bc26f4..2fb21e3cf 100644 --- a/etc/Cyberfox.profile +++ b/etc/Cyberfox.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/cyberfox.profile | 6 | include cyberfox.profile |
diff --git a/etc/Discord.profile b/etc/Discord.profile index 951357387..9a8957265 100644 --- a/etc/Discord.profile +++ b/etc/Discord.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for Discord | 1 | # Firejail profile for Discord |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/Discord.local | 4 | include Discord.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/discord | 9 | noblacklist ${HOME}/.config/discord |
@@ -15,4 +15,4 @@ private-bin Discord | |||
15 | private-opt Discord | 15 | private-opt Discord |
16 | 16 | ||
17 | #Redirect | 17 | #Redirect |
18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile index f7b0e2c56..0624ff949 100644 --- a/etc/DiscordCanary.profile +++ b/etc/DiscordCanary.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for DiscordCanary | 1 | # Firejail profile for DiscordCanary |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/DiscordCanary.local | 4 | include DiscordCanary.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/discordcanary | 9 | noblacklist ${HOME}/.config/discordcanary |
@@ -15,4 +15,4 @@ private-bin DiscordCanary | |||
15 | private-opt DiscordCanary | 15 | private-opt DiscordCanary |
16 | 16 | ||
17 | #Redirect | 17 | #Redirect |
18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile index 01e338ef2..55fd43515 100644 --- a/etc/FossaMail.profile +++ b/etc/FossaMail.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/fossamail.profile | 6 | include fossamail.profile |
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 44eb7a37d..55fb7bae7 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Easy-to-use electronic design software | 2 | # Description: Easy-to-use electronic design software |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/Fritzing.local | 5 | include Fritzing.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Fritzing | 9 | noblacklist ${HOME}/.config/Fritzing |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/Gitter.profile b/etc/Gitter.profile index b12dbd450..53e66d108 100644 --- a/etc/Gitter.profile +++ b/etc/Gitter.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/gitter.profile | 6 | include gitter.profile |
diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index 125ed568c..2803ebe07 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for JDownloader | 1 | # Firejail profile for JDownloader |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/JDownloader.local | 4 | include JDownloader.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.jd | 9 | noblacklist ${HOME}/.jd |
@@ -14,18 +14,18 @@ noblacklist /usr/lib/java | |||
14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.jd | 24 | mkdir ${HOME}/.jd |
25 | whitelist ${HOME}/.jd | 25 | whitelist ${HOME}/.jd |
26 | whitelist ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index deff02028..6aba2678b 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -1,25 +1,25 @@ | |||
1 | # Firejail profile for Mathematica | 1 | # Firejail profile for Mathematica |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/Mathematica.local | 4 | include Mathematica.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Mathematica | 8 | noblacklist ${HOME}/.Mathematica |
9 | noblacklist ${HOME}/.Wolfram Research | 9 | noblacklist ${HOME}/.Wolfram Research |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.Mathematica | 17 | mkdir ${HOME}/.Mathematica |
18 | mkdir ${HOME}/.Wolfram Research | 18 | mkdir ${HOME}/.Wolfram Research |
19 | whitelist ${HOME}/.Mathematica | 19 | whitelist ${HOME}/.Mathematica |
20 | whitelist ${HOME}/.Wolfram Research | 20 | whitelist ${HOME}/.Wolfram Research |
21 | whitelist ${HOME}/Documents/Wolfram Mathematica | 21 | whitelist ${HOME}/Documents/Wolfram Mathematica |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | nodvd | 25 | nodvd |
diff --git a/etc/Natron.profile b/etc/Natron.profile index b21790fe4..aadd68c5c 100644 --- a/etc/Natron.profile +++ b/etc/Natron.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/natron.profile | 6 | include natron.profile |
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index 558f62f0e..f969cd855 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Search, download or stream files from mediathek.de | 2 | # Description: Search, download or stream files from mediathek.de |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/QMediathekView.local | 5 | include QMediathekView.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/QMediathekView | 9 | noblacklist ${HOME}/.config/QMediathekView |
10 | noblacklist ${HOME}/.local/share/QMediathekView | 10 | noblacklist ${HOME}/.local/share/QMediathekView |
@@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem | |||
18 | noblacklist ${HOME}/.local/share/xplayer | 18 | noblacklist ${HOME}/.local/share/xplayer |
19 | noblacklist ${HOME}/.mplayer | 19 | noblacklist ${HOME}/.mplayer |
20 | 20 | ||
21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
26 | 26 | ||
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
diff --git a/etc/Telegram.profile b/etc/Telegram.profile index df6557a90..51e4d9765 100644 --- a/etc/Telegram.profile +++ b/etc/Telegram.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/telegram.profile | 6 | include telegram.profile |
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 6de6cfb30..9937f3883 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: File Manager for Xfce | 2 | # Description: File Manager for Xfce |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/Thunar.local | 5 | include Thunar.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/Trash | 9 | noblacklist ${HOME}/.local/share/Trash |
10 | noblacklist ${HOME}/.config/Thunar | 10 | noblacklist ${HOME}/.config/Thunar |
11 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 11 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | # include /etc/firejail/disable-programs.inc | 17 | # include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/Viber.profile b/etc/Viber.profile index cb9d01e03..01bb49a99 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for Viber | 1 | # Firejail profile for Viber |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/Viber.local | 4 | include Viber.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.ViberPC | 9 | noblacklist ${HOME}/.ViberPC |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.ViberPC | 18 | whitelist ${HOME}/.ViberPC |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile index c84b8a4ad..5fe8f1c57 100644 --- a/etc/VirtualBox.profile +++ b/etc/VirtualBox.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/virtualbox.profile | 7 | include virtualbox.profile |
diff --git a/etc/XMind.profile b/etc/XMind.profile index 64f6f42f9..6b767555c 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for XMind | 1 | # Firejail profile for XMind |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/XMind.local | 4 | include XMind.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmind | 8 | noblacklist ${HOME}/.xmind |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.xmind | 16 | mkdir ${HOME}/.xmind |
17 | whitelist ${HOME}/.xmind | 17 | whitelist ${HOME}/.xmind |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 7833b82e2..a95c8989a 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for Xephyr | 1 | # Firejail profile for Xephyr |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/Xephyr.local | 4 | include Xephyr.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # | 8 | # |
9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. | 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. |
@@ -18,7 +18,7 @@ include /etc/firejail/globals.local | |||
18 | blacklist /media | 18 | blacklist /media |
19 | 19 | ||
20 | whitelist /var/lib/xkb | 20 | whitelist /var/lib/xkb |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. | 24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. |
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index fcdc4fa74..967946a6c 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Virtual Framebuffer 'fake' X server | 2 | # Description: Virtual Framebuffer 'fake' X server |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/Xvfb.local | 5 | include Xvfb.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # | 9 | # |
10 | # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. | 10 | # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. |
@@ -20,7 +20,7 @@ include /etc/firejail/globals.local | |||
20 | blacklist /media | 20 | blacklist /media |
21 | 21 | ||
22 | whitelist /var/lib/xkb | 22 | whitelist /var/lib/xkb |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. | 26 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index d757d6f49..010247c6b 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for abrowser | 1 | # Firejail profile for abrowser |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/abrowser.local | 4 | include abrowser.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
@@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla | |||
18 | 18 | ||
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include /etc/firejail/firefox-common.profile | 21 | include firefox-common.profile |
diff --git a/etc/acat.profile b/etc/acat.profile index 08593585c..0b4579035 100644 --- a/etc/acat.profile +++ b/etc/acat.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for acat | 1 | # Firejail profile for acat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/acat.local | 4 | include acat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/adiff.profile b/etc/adiff.profile index 2c114d765..9073b1477 100644 --- a/etc/adiff.profile +++ b/etc/adiff.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for adiff | 1 | # Firejail profile for adiff |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/adiff.local | 4 | include adiff.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 0c5aa0d04..4d40e6594 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile | |||
@@ -1,8 +1,8 @@ | |||
1 | # Firejail profile for akonadi_control | 1 | # Firejail profile for akonadi_control |
2 | # Persistent local customizations | 2 | # Persistent local customizations |
3 | include /etc/firejail/akonadi_control.local | 3 | include akonadi_control.local |
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include /etc/firejail/globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.cache/akonadi* | 7 | noblacklist ${HOME}/.cache/akonadi* |
8 | noblacklist ${HOME}/.config/akonadi* | 8 | noblacklist ${HOME}/.config/akonadi* |
@@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes | |||
20 | noblacklist /tmp/akonadi-* | 20 | noblacklist /tmp/akonadi-* |
21 | noblacklist /usr/sbin | 21 | noblacklist /usr/sbin |
22 | 22 | ||
23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
27 | include /etc/firejail/disable-programs.inc | 27 | include disable-programs.inc |
28 | 28 | ||
29 | include /etc/firejail/whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
31 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. | 31 | # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. |
32 | # this affects ubuntu and debian currently | 32 | # this affects ubuntu and debian currently |
diff --git a/etc/akregator.profile b/etc/akregator.profile index cd6621b47..e7d0b74b9 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -2,26 +2,26 @@ | |||
2 | # Description: RSS/Atom feed aggregator | 2 | # Description: RSS/Atom feed aggregator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/akregator.local | 5 | include akregator.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/akregatorrc | 9 | noblacklist ${HOME}/.config/akregatorrc |
10 | noblacklist ${HOME}/.local/share/akregator | 10 | noblacklist ${HOME}/.local/share/akregator |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkfile ${HOME}/.config/akregatorrc | 18 | mkfile ${HOME}/.config/akregatorrc |
19 | mkdir ${HOME}/.local/share/akregator | 19 | mkdir ${HOME}/.local/share/akregator |
20 | whitelist ${HOME}/.config/akregatorrc | 20 | whitelist ${HOME}/.config/akregatorrc |
21 | whitelist ${HOME}/.local/share/akregator | 21 | whitelist ${HOME}/.local/share/akregator |
22 | whitelist ${HOME}/.local/share/kssl | 22 | whitelist ${HOME}/.local/share/kssl |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
diff --git a/etc/als.profile b/etc/als.profile index 8cd9a9182..24b8b976b 100644 --- a/etc/als.profile +++ b/etc/als.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for als | 1 | # Firejail profile for als |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/als.local | 4 | include als.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/amarok.profile b/etc/amarok.profile index cfde146e9..6f2e6b3cc 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Easy to use media player based on the KDE Platform | 2 | # Description: Easy to use media player based on the KDE Platform |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/amarok.local | 5 | include amarok.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/amule.profile b/etc/amule.profile index 7bc6e32d6..e969bb1df 100644 --- a/etc/amule.profile +++ b/etc/amule.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Client for the eD2k and Kad networks, like eMule | 2 | # Description: Client for the eD2k and Kad networks, like eMule |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/amule.local | 5 | include amule.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.aMule | 10 | noblacklist ${HOME}/.aMule |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ${HOME}/.aMule | 19 | whitelist ${HOME}/.aMule |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 8f5cd56cc..180e4871b 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for android-studio | 1 | # Firejail profile for android-studio |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/android-studio.local | 4 | include android-studio.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.AndroidStudio* | 8 | noblacklist ${HOME}/.AndroidStudio* |
9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/anydesk.profile b/etc/anydesk.profile index aea5961a0..35b18bab4 100644 --- a/etc/anydesk.profile +++ b/etc/anydesk.profile | |||
@@ -1,21 +1,21 @@ | |||
1 | # Firejail profile for AnyDesk | 1 | # Firejail profile for AnyDesk |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/anydesk.local | 4 | include anydesk.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.anydesk | 8 | noblacklist ${HOME}/.anydesk |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.anydesk | 16 | mkdir ${HOME}/.anydesk |
17 | whitelist ${HOME}/.anydesk | 17 | whitelist ${HOME}/.anydesk |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/aosp.profile b/etc/aosp.profile index 8622d6acd..a4eea4bad 100644 --- a/etc/aosp.profile +++ b/etc/aosp.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for aosp | 1 | # Firejail profile for aosp |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/aosp.local | 4 | include aosp.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
@@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig | |||
18 | noblacklist ${HOME}/.ssh | 18 | noblacklist ${HOME}/.ssh |
19 | noblacklist ${HOME}/.tooling | 19 | noblacklist ${HOME}/.tooling |
20 | 20 | ||
21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/apack.profile b/etc/apack.profile index ad44b227e..bd5e49a01 100644 --- a/etc/apack.profile +++ b/etc/apack.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for apack | 1 | # Firejail profile for apack |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/apack.local | 4 | include apack.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/apktool.profile b/etc/apktool.profile index 192069561..bad0c9346 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -3,16 +3,16 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/apktool.local | 6 | include apktool.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | include /etc/firejail/disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 377b597d7..7321f4e90 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile | |||
@@ -3,19 +3,19 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/arch-audit.local | 6 | include arch-audit.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | 10 | ||
11 | noblacklist /var/lib/pacman | 11 | noblacklist /var/lib/pacman |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 27b15412f..1b029d1ac 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/archaudit-report.local | 5 | include archaudit-report.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist /var/lib/pacman | 10 | noblacklist /var/lib/pacman |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/ardour4.profile b/etc/ardour4.profile index 7d1163174..5c22b57d0 100644 --- a/etc/ardour4.profile +++ b/etc/ardour4.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/ardour5.profile | 6 | include ardour5.profile |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index f5cdee1fb..3c207b5b3 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for ardour5 | 1 | # Firejail profile for ardour5 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ardour5.local | 4 | include ardour5.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ardour4 | 8 | noblacklist ${HOME}/.config/ardour4 |
9 | noblacklist ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
@@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst | |||
12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | noblacklist ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/arduino.profile b/etc/arduino.profile index 9f28cada4..6c2375fae 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: AVR development board IDE and built-in libraries | 2 | # Description: AVR development board IDE and built-in libraries |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/arduino.local | 5 | include arduino.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arduino15 | 9 | noblacklist ${HOME}/.arduino15 |
10 | noblacklist ${HOME}/.java | 10 | noblacklist ${HOME}/.java |
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java | |||
17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/arepack.profile b/etc/arepack.profile index f7a9f724a..f5584b2be 100644 --- a/etc/arepack.profile +++ b/etc/arepack.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for arepack | 1 | # Firejail profile for arepack |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/arepack.local | 4 | include arepack.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 0f6b79346..3015349b7 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink | 2 | # Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/aria2c.local | 5 | include aria2c.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.aria2 | 9 | noblacklist ${HOME}/.aria2 |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/ark.profile b/etc/ark.profile index 6a8e2dad9..37211682c 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Archive utility | 2 | # Description: Archive utility |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ark.local | 5 | include ark.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/arkrc | 9 | noblacklist ${HOME}/.config/arkrc |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | apparmor | 19 | apparmor |
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/arm.profile b/etc/arm.profile index 02246e8e9..288dd972a 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Terminal status monitor for Tor relays | 2 | # Description: Terminal status monitor for Tor relays |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/arm.local | 5 | include arm.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arm | 9 | noblacklist ${HOME}/.arm |
10 | 10 | ||
@@ -14,15 +14,15 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.arm | 23 | mkdir ${HOME}/.arm |
24 | whitelist ${HOME}/.arm | 24 | whitelist ${HOME}/.arm |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | ipc-namespace | 28 | ipc-namespace |
diff --git a/etc/artha.profile b/etc/artha.profile index befe9295f..7b0c6735b 100644 --- a/etc/artha.profile +++ b/etc/artha.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: A free cross-platform English thesaurus based on WordNet | 2 | # Description: A free cross-platform English thesaurus based on WordNet |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/artha.local | 5 | include artha.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/artha.conf | 9 | noblacklist ${HOME}/.config/artha.conf |
10 | noblacklist ${HOME}/.config/enchant | 10 | noblacklist ${HOME}/.config/enchant |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/asunder.profile b/etc/asunder.profile index 30cb7ebdc..3167dfe12 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Graphical audio CD ripper and encoder | 2 | # Description: Graphical audio CD ripper and encoder |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/asunder.local | 5 | include asunder.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/asunder | 9 | noblacklist ${HOME}/.config/asunder |
10 | noblacklist ${HOME}/.asunder_album_genre | 10 | noblacklist ${HOME}/.asunder_album_genre |
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title | |||
12 | noblacklist ${HOME}/.asunder_album_artist | 12 | noblacklist ${HOME}/.asunder_album_artist |
13 | noblacklist ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index a153d08b4..36baee5c4 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -1,6 +1,6 @@ | |||
1 | # Firejail profile for atom-beta | 1 | # Firejail profile for atom-beta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/atom-beta.local | 4 | include atom-beta.local |
5 | # Profile redirect | 5 | # Profile redirect |
6 | include /etc/firejail/atom.profile | 6 | include atom.profile |
diff --git a/etc/atom.profile b/etc/atom.profile index 96b9f5020..ceb68ef3d 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: A hackable text editor for the 21st Century | 2 | # Description: A hackable text editor for the 21st Century |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/atom.local | 5 | include atom.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.atom | 9 | noblacklist ${HOME}/.atom |
10 | noblacklist ${HOME}/.config/Atom | 10 | noblacklist ${HOME}/.config/Atom |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | # net none | 17 | # net none |
diff --git a/etc/atool.profile b/etc/atool.profile index 7545bfb1a..eabdfbc13 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Tool for managing file archives of various types | 2 | # Description: Tool for managing file archives of various types |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/atool.local | 5 | include atool.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
@@ -15,11 +15,11 @@ noblacklist ${PATH}/perl | |||
15 | noblacklist /usr/lib/perl* | 15 | noblacklist /usr/lib/perl* |
16 | noblacklist /usr/share/perl* | 16 | noblacklist /usr/share/perl* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | # include /etc/firejail/disable-devel.inc | 19 | # include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile index 5d841bc0e..3f24acefa 100644 --- a/etc/atril-previewer.profile +++ b/etc/atril-previewer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for atril-previewer | 1 | # Firejail profile for atril-previewer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/atril-previewer.local | 4 | include atril-previewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/atril.profile | 10 | include atril.profile |
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile index 88c74735d..de4a52514 100644 --- a/etc/atril-thumbnailer.profile +++ b/etc/atril-thumbnailer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for atril-thumbnailer | 1 | # Firejail profile for atril-thumbnailer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/atril-thumbnailer.local | 4 | include atril-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/atril.profile | 10 | include atril.profile |
diff --git a/etc/atril.profile b/etc/atril.profile index 27327418d..92fae21d4 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: MATE document viewer | 2 | # Description: MATE document viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/atril.local | 5 | include atril.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/atril | 9 | noblacklist ${HOME}/.cache/atril |
10 | noblacklist ${HOME}/.config/atril | 10 | noblacklist ${HOME}/.config/atril |
@@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS} | |||
13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | # apparmor | 25 | # apparmor |
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/audacious.profile b/etc/audacious.profile index 6a32c5633..93a2f4b3e 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Small and fast audio player which supports lots of formats | 2 | # Description: Small and fast audio player which supports lots of formats |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/audacious.local | 5 | include audacious.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Audaciousrc | 9 | noblacklist ${HOME}/.config/Audaciousrc |
10 | noblacklist ${HOME}/.config/audacious | 10 | noblacklist ${HOME}/.config/audacious |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 14d56202c..4dd412359 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Fast, cross-platform audio editor | 2 | # Description: Fast, cross-platform audio editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/audacity.local | 5 | include audacity.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.audacity-data | 9 | noblacklist ${HOME}/.audacity-data |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/aunpack.profile b/etc/aunpack.profile index 4f03ac60d..cde9473e3 100644 --- a/etc/aunpack.profile +++ b/etc/aunpack.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for aunpack | 1 | # Firejail profile for aunpack |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/aunpack.local | 4 | include aunpack.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/atool.profile | 9 | include atool.profile |
diff --git a/etc/authenticator.profile b/etc/authenticator.profile index 02e8d7f7f..9656bb3d7 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: 2FA code generator for GNOME | 2 | # Description: 2FA code generator for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/authenticator.local | 5 | include authenticator.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # blacklisted in 'disable-programs.local' | 9 | # blacklisted in 'disable-programs.local' |
10 | noblacklist ${HOME}/.config/Authenticator | 10 | noblacklist ${HOME}/.config/Authenticator |
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator | |||
13 | noblacklist ${PATH}/python3* | 13 | noblacklist ${PATH}/python3* |
14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | # apparmor | 22 | # apparmor |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/aweather.profile b/etc/aweather.profile index 6bf83ffc3..d7228570f 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Advanced Weather Monitoring Program | 2 | # Description: Advanced Weather Monitoring Program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/aweather.local | 5 | include aweather.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/aweather | 9 | noblacklist ${HOME}/.config/aweather |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/aweather | 17 | mkdir ${HOME}/.config/aweather |
18 | whitelist ${HOME}/.config/aweather | 18 | whitelist ${HOME}/.config/aweather |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/awesome.profile b/etc/awesome.profile index 49c1a4aad..5d1bf5071 100644 --- a/etc/awesome.profile +++ b/etc/awesome.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/awesome.local | 5 | include awesome.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.config/awesome | 10 | noblacklist ${HOME}/.config/awesome |
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 88bc67474..5e749cac1 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for baloo_file | 1 | # Firejail profile for baloo_file |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/baloo_file.local | 4 | include baloo_file.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/baloofilerc | 8 | noblacklist ${HOME}/.config/baloofilerc |
9 | noblacklist ${HOME}/.kde/share/config/baloofilerc | 9 | noblacklist ${HOME}/.kde/share/config/baloofilerc |
@@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc | |||
12 | noblacklist ${HOME}/.kde4/share/config/baloorc | 12 | noblacklist ${HOME}/.kde4/share/config/baloorc |
13 | noblacklist ${HOME}/.local/share/baloo | 13 | noblacklist ${HOME}/.local/share/baloo |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | no3d | 24 | no3d |
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile index 87f2949e6..94496ede8 100644 --- a/etc/baloo_filemetadata_temp_extractor.profile +++ b/etc/baloo_filemetadata_temp_extractor.profile | |||
@@ -2,12 +2,12 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/baloo_filemetadata_temp_extractor.local | 5 | include baloo_filemetadata_temp_extractor.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | ignore read-write | 9 | ignore read-write |
10 | read-only ${HOME} | 10 | read-only ${HOME} |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include /etc/firejail/baloo_file.profile | 13 | include baloo_file.profile |
diff --git a/etc/baobab.profile b/etc/baobab.profile index 3e3b0280d..c223b138e 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: GNOME disk usage analyzer | 2 | # Description: GNOME disk usage analyzer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/baobab.local | 5 | include baobab.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | # include /etc/firejail/disable-programs.inc | 13 | # include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 43ba5adcb..5f9fc8ef7 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for basilisk | 1 | # Firejail profile for basilisk |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/basilisk.local | 4 | include basilisk.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk | 8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk |
9 | noblacklist ${HOME}/.moonchild productions/basilisk | 9 | noblacklist ${HOME}/.moonchild productions/basilisk |
@@ -24,4 +24,4 @@ seccomp | |||
24 | #private-opt basilisk | 24 | #private-opt basilisk |
25 | 25 | ||
26 | # Redirect | 26 | # Redirect |
27 | include /etc/firejail/firefox-common.profile | 27 | include firefox-common.profile |
diff --git a/etc/beaker.profile b/etc/beaker.profile index 9215576c7..d18429408 100644 --- a/etc/beaker.profile +++ b/etc/beaker.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for beaker | 1 | # Firejail profile for beaker |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/beaker.local | 4 | include beaker.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Beaker Browser | 8 | noblacklist ${HOME}/.config/Beaker Browser |
9 | 9 | ||
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/Beaker Browser | 13 | mkdir ${HOME}/.config/Beaker Browser |
14 | whitelist ${HOME}/.config/Beaker Browser | 14 | whitelist ${HOME}/.config/Beaker Browser |
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | include /etc/firejail/whitelist-common.inc | 16 | include whitelist-common.inc |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include /etc/firejail/electron.profile | 19 | include electron.profile |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index d2a9dba5e..0691b32c3 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: Bible study tool | 2 | # Description: Bible study tool |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bibletime.local | 5 | include bibletime.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
10 | 10 | ||
11 | noblacklist ${HOME}/.bibletime | 11 | noblacklist ${HOME}/.bibletime |
12 | noblacklist ${HOME}/.sword | 12 | noblacklist ${HOME}/.sword |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | whitelist ${HOME}/.bibletime | 20 | whitelist ${HOME}/.bibletime |
21 | whitelist ${HOME}/.sword | 21 | whitelist ${HOME}/.sword |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | machine-id | 25 | machine-id |
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 69a4f9a51..46ce0775b 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Bitcoin is a peer-to-peer network based digital currency | 2 | # Description: Bitcoin is a peer-to-peer network based digital currency |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bitcoin-qt.local | 5 | include bitcoin-qt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bitcoin | 9 | noblacklist ${HOME}/.bitcoin |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.bitcoin | 17 | mkdir ${HOME}/.bitcoin |
18 | mkdir ${HOME}/.config/Bitcoin | 18 | mkdir ${HOME}/.config/Bitcoin |
19 | whitelist ${HOME}/.bitcoin | 19 | whitelist ${HOME}/.bitcoin |
20 | whitelist ${HOME}/.config/Bitcoin | 20 | whitelist ${HOME}/.config/Bitcoin |
21 | 21 | ||
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | machine-id | 26 | machine-id |
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index c5a7c8e9a..2c2f88ed5 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: IRC to other chat networks gateway | 2 | # Description: IRC to other chat networks gateway |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bitlbee.local | 5 | include bitlbee.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /sbin | 9 | noblacklist /sbin |
10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
11 | # noblacklist /var/log | 11 | # noblacklist /var/log |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | netfilter | 20 | netfilter |
21 | no3d | 21 | no3d |
diff --git a/etc/blackbox.profile b/etc/blackbox.profile index 2672c812a..13e83493d 100644 --- a/etc/blackbox.profile +++ b/etc/blackbox.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/blackbox.local | 5 | include blackbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.blackbox | 10 | noblacklist ${HOME}/.blackbox |
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 8d1e4397a..fa850fe1a 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Delete unnecessary files from the system | 2 | # Description: Delete unnecessary files from the system |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bleachbit.local | 5 | include bleachbit.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
@@ -12,11 +12,11 @@ noblacklist ${PATH}/python3* | |||
12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | # include /etc/firejail/disable-programs.inc | 19 | # include disable-programs.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 4b907018e..9da0cb921 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/blender.profile | 6 | include blender.profile |
diff --git a/etc/blender.profile b/etc/blender.profile index 6456f0a46..77d073cd7 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Very fast and versatile 3D modeller/renderer | 2 | # Description: Very fast and versatile 3D modeller/renderer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/blender.local | 5 | include blender.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/blender | 9 | noblacklist ${HOME}/.config/blender |
10 | 10 | ||
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | # Allow usage of AMD GPU by OpenCL | 23 | # Allow usage of AMD GPU by OpenCL |
24 | noblacklist /sys/module | 24 | noblacklist /sys/module |
diff --git a/etc/bless.profile b/etc/bless.profile index 10e31b014..cc03107a5 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: A full featured hexadecimal editor | 2 | # Description: A full featured hexadecimal editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bless.local | 5 | include bless.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/bless | 9 | noblacklist ${HOME}/.config/bless |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 60e26d264..ce47cb9ab 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Advanced Gtk+ text editor for web and software development | 2 | # Description: Advanced Gtk+ text editor for web and software development |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bluefish.local | 5 | include bluefish.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/bnox.profile b/etc/bnox.profile index 3207a2923..031f3f4bd 100644 --- a/etc/bnox.profile +++ b/etc/bnox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for bnox | 1 | # Firejail profile for bnox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/bnox.local | 4 | include bnox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/bnox | 8 | noblacklist ${HOME}/.cache/bnox |
9 | noblacklist ${HOME}/.config/bnox | 9 | noblacklist ${HOME}/.config/bnox |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox | |||
14 | whitelist ${HOME}/.config/bnox | 14 | whitelist ${HOME}/.config/bnox |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/brackets.profile b/etc/brackets.profile index 5c7950e70..1c03b2119 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for brackets | 1 | # Firejail profile for brackets |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/brackets.local | 4 | include brackets.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Brackets | 8 | noblacklist ${HOME}/.config/Brackets |
9 | #noblacklist /opt/brackets/ | 9 | #noblacklist /opt/brackets/ |
10 | #noblacklist /opt/google/ | 10 | #noblacklist /opt/google/ |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/brasero.profile b/etc/brasero.profile index 1c0b5f843..8ab9472ac 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: CD/DVD burning application for GNOME | 2 | # Description: CD/DVD burning application for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/brasero.local | 5 | include brasero.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/brasero | 9 | noblacklist ${HOME}/.config/brasero |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/brave.profile b/etc/brave.profile index 08bcea561..315564b05 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for brave | 1 | # Firejail profile for brave |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/brave.local | 4 | include brave.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/brave | 8 | noblacklist ${HOME}/.config/brave |
9 | # brave uses gpg for built-in password manager | 9 | # brave uses gpg for built-in password manager |
@@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg | |||
17 | ignore noexec /tmp | 17 | ignore noexec /tmp |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include /etc/firejail/chromium-common.profile | 20 | include chromium-common.profile |
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcat.profile +++ b/etc/bsdcat.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/bsdtar.profile | 6 | include bsdtar.profile |
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcpio.profile +++ b/etc/bsdcpio.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/bsdtar.profile | 6 | include bsdtar.profile |
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 2cb3ddf82..f6864386e 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/bsdtar.local | 5 | include bsdtar.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | blacklist /tmp/.X11-unix | 15 | blacklist /tmp/.X11-unix |
16 | 16 | ||
diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile index f483a1d3d..891476cb1 100644 --- a/etc/bunzip2.profile +++ b/etc/bunzip2.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for bunzip2 | 1 | # Firejail profile for bunzip2 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/bunzip2.local | 4 | include bunzip2.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/gzip.profile | 9 | include gzip.profile |
diff --git a/etc/caja.profile b/etc/caja.profile index 20e690a14..f938792cd 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File manager for the MATE desktop | 2 | # Description: File manager for the MATE desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/caja.local | 5 | include caja.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 9 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
10 | # is already a caja process running on MATE desktops firejail will have no effect. | 10 | # is already a caja process running on MATE desktops firejail will have no effect. |
@@ -19,11 +19,11 @@ noblacklist ${PATH}/python3* | |||
19 | noblacklist /usr/lib/python2* | 19 | noblacklist /usr/lib/python2* |
20 | noblacklist /usr/lib/python3* | 20 | noblacklist /usr/lib/python3* |
21 | 21 | ||
22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include /etc/firejail/disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
26 | # include /etc/firejail/disable-programs.inc | 26 | # include disable-programs.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | netfilter | 29 | netfilter |
diff --git a/etc/calibre.profile b/etc/calibre.profile index ed0304b4a..5c7d3e1e7 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Powerful and easy to use e-book manager | 2 | # Description: Powerful and easy to use e-book manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/calibre.local | 5 | include calibre.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/calibre | 9 | noblacklist ${HOME}/.cache/calibre |
10 | noblacklist ${HOME}/.config/calibre | 10 | noblacklist ${HOME}/.config/calibre |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/calligra.profile b/etc/calligra.profile index 649e87f95..84a60a196 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: Extensive productivity and creative suite | 2 | # Description: Extensive productivity and creative suite |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/calligra.local | 5 | include calligra.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | ipc-namespace | 16 | ipc-namespace |
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraauthor.profile +++ b/etc/calligraauthor.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraconverter.profile +++ b/etc/calligraconverter.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraflow.profile +++ b/etc/calligraflow.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplan.profile +++ b/etc/calligraplan.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplanwork.profile +++ b/etc/calligraplanwork.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrasheets.profile +++ b/etc/calligrasheets.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrastage.profile +++ b/etc/calligrastage.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrawords.profile +++ b/etc/calligrawords.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/calligra.profile | 6 | include calligra.profile |
diff --git a/etc/catfish.profile b/etc/catfish.profile index 422dc93e5..1afcd0365 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File searching tool | 2 | # Description: File searching tool |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/catfish.local | 5 | include catfish.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
10 | # is for finding files/content | 10 | # is for finding files/content |
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | # include /etc/firejail/disable-devel.inc | 21 | # include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | 25 | ||
26 | whitelist /var/lib/mlocate | 26 | whitelist /var/lib/mlocate |
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | net none | 30 | net none |
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index 9d3eb65f8..601ca58a9 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile | |||
@@ -3,9 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/checkbashisms.local | 6 | include checkbashisms.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
@@ -16,14 +16,14 @@ noblacklist ${PATH}/perl | |||
16 | noblacklist /usr/lib/perl* | 16 | noblacklist /usr/lib/perl* |
17 | noblacklist /usr/share/perl* | 17 | noblacklist /usr/share/perl* |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 599e81663..134a06c48 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Hierarchical note taking application | 2 | # Description: Hierarchical note taking application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/cherrytree.local | 5 | include cherrytree.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cherrytree | 9 | noblacklist ${HOME}/.config/cherrytree |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile index 472841e92..f83052d9a 100644 --- a/etc/chromium-browser.profile +++ b/etc/chromium-browser.profile | |||
@@ -2,4 +2,4 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | # Redirect | 4 | # Redirect |
5 | include /etc/firejail/chromium.profile | 5 | include chromium.profile |
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index 5815be9fb..e7062c5b8 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for chromium-common | 1 | # Firejail profile for chromium-common |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/chromium-common.local | 4 | include chromium-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # already included by caller profile |
7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.pki | 16 | mkdir ${HOME}/.pki |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.pki | 18 | whitelist ${HOME}/.pki |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
23 | caps.keep sys_chroot,sys_admin | 23 | caps.keep sys_chroot,sys_admin |
diff --git a/etc/chromium.profile b/etc/chromium.profile index a1488e3e9..dab9ce449 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: A web browser built for speed, simplicity, and security | 2 | # Description: A web browser built for speed, simplicity, and security |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/chromium.local | 5 | include chromium.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/chromium | 9 | noblacklist ${HOME}/.cache/chromium |
10 | noblacklist ${HOME}/.config/chromium | 10 | noblacklist ${HOME}/.config/chromium |
@@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf | |||
19 | # private-bin chromium,chromium-browser,chromedriver | 19 | # private-bin chromium,chromium-browser,chromedriver |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include /etc/firejail/chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/cin.profile b/etc/cin.profile index cf797723d..02511c478 100644 --- a/etc/cin.profile +++ b/etc/cin.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for cin | 1 | # Firejail profile for cin |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/cin.local | 4 | include cin.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.bcast5 | 8 | noblacklist ${HOME}/.bcast5 |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | ipc-namespace | 17 | ipc-namespace |
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index e6a1941b5..26f782384 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/cin.profile | 6 | include cin.profile |
diff --git a/etc/clamav.profile b/etc/clamav.profile index 362cf8b35..a48fa8039 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
@@ -3,9 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/clamav.local | 6 | include clamav.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | ipc-namespace | 11 | ipc-namespace |
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdscan.profile +++ b/etc/clamdscan.profile | |||
@@ -4,4 +4,4 @@ quiet | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdtop.profile +++ b/etc/clamdtop.profile | |||
@@ -4,4 +4,4 @@ quiet | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamscan.profile b/etc/clamscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamscan.profile +++ b/etc/clamscan.profile | |||
@@ -4,4 +4,4 @@ quiet | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/clamav.profile | 7 | include clamav.profile |
diff --git a/etc/clamtk.profile b/etc/clamtk.profile index b6f6169ac..c3b5f3ce5 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for clamtk | 1 | # Firejail profile for clamtk |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/clamtk.local | 4 | include clamtk.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | ipc-namespace | 9 | ipc-namespace |
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index f7f0fccca..f0656385f 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Fast, lightweight and user-friendly GTK+2 based email client | 2 | # Description: Fast, lightweight and user-friendly GTK+2 based email client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/claws-mail.local | 5 | include claws-mail.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
10 | noblacklist ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.signature | 11 | noblacklist ${HOME}/.signature |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/clementine.profile b/etc/clementine.profile index dbf465500..147b0de4b 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Modern music player and library organizer | 2 | # Description: Modern music player and library organizer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/clementine.local | 5 | include clementine.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Clementine | 9 | noblacklist ${HOME}/.cache/Clementine |
10 | noblacklist ${HOME}/.config/Clementine | 10 | noblacklist ${HOME}/.config/Clementine |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/clion.profile b/etc/clion.profile index 9d559bd3a..e230a740d 100644 --- a/etc/clion.profile +++ b/etc/clion.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for CLion | 1 | # Firejail profile for CLion |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/clion.local | 4 | include clion.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.CLion* | 8 | noblacklist ${HOME}/.CLion* |
9 | noblacklist ${HOME}/.gitconfig | 9 | noblacklist ${HOME}/.gitconfig |
@@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
13 | noblacklist ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/clipit.profile b/etc/clipit.profile index dbd261946..1b3ed8c62 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Lightweight GTK+ clipboard manager | 2 | # Description: Lightweight GTK+ clipboard manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/clipit.local | 5 | include clipit.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/clipit | 9 | noblacklist ${HOME}/.config/clipit |
10 | noblacklist ${HOME}/.local/share/clipit | 10 | noblacklist ${HOME}/.local/share/clipit |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/cliqz.profile b/etc/cliqz.profile index 4ff96311d..70277f1ce 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for cliqz | 1 | # Firejail profile for cliqz |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/cliqz.local | 4 | include cliqz.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/cliqz | 8 | noblacklist ${HOME}/.cache/cliqz |
9 | noblacklist ${HOME}/.config/cliqz | 9 | noblacklist ${HOME}/.config/cliqz |
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz | |||
17 | #private-etc cliqz | 17 | #private-etc cliqz |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include /etc/firejail/firefox-common.profile | 20 | include firefox-common.profile |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 5744d462b..ee6600b76 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Lightweight ncurses audio player | 2 | # Description: Lightweight ncurses audio player |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/cmus.local | 5 | include cmus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cmus | 9 | noblacklist ${HOME}/.config/cmus |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/code.profile b/etc/code.profile index 496222e4b..6528b63ff 100644 --- a/etc/code.profile +++ b/etc/code.profile | |||
@@ -1,16 +1,16 @@ | |||
1 | # Firejail profile for Visual Studio Code | 1 | # Firejail profile for Visual Studio Code |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/code.local | 4 | include code.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.vscode | 8 | noblacklist ${HOME}/.vscode |
9 | noblacklist ${HOME}/.config/Code | 9 | noblacklist ${HOME}/.config/Code |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 2489e2df4..ca38600d1 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -1,14 +1,14 @@ | |||
1 | # Firejail profile for conkeror | 1 | # Firejail profile for conkeror |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/conkeror.local | 4 | include conkeror.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.conkeror.mozdev.org | 8 | noblacklist ${HOME}/.conkeror.mozdev.org |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | whitelist ${HOME}/.conkeror.mozdev.org | 13 | whitelist ${HOME}/.conkeror.mozdev.org |
14 | whitelist ${HOME}/.conkerorrc | 14 | whitelist ${HOME}/.conkerorrc |
@@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc | |||
21 | whitelist ${HOME}/.zotero | 21 | whitelist ${HOME}/.zotero |
22 | whitelist ${HOME}/Downloads | 22 | whitelist ${HOME}/Downloads |
23 | whitelist ${HOME}/dwhelper | 23 | whitelist ${HOME}/dwhelper |
24 | include /etc/firejail/whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
diff --git a/etc/conky.profile b/etc/conky.profile index 389b56783..846868be2 100644 --- a/etc/conky.profile +++ b/etc/conky.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Highly configurable system monitor | 2 | # Description: Highly configurable system monitor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/conky.local | 5 | include conky.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/corebird.profile b/etc/corebird.profile index 16f531096..bf2e97356 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Native Gtk+ Twitter client for the Linux desktop | 2 | # Description: Native Gtk+ Twitter client for the Linux desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/corebird.local | 5 | include corebird.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/corebird | 9 | noblacklist ${HOME}/.config/corebird |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/cower.profile b/etc/cower.profile index 42a1f91cc..ebd83b326 100644 --- a/etc/cower.profile +++ b/etc/cower.profile | |||
@@ -8,20 +8,20 @@ | |||
8 | quiet | 8 | quiet |
9 | 9 | ||
10 | # Persistent local customizations | 10 | # Persistent local customizations |
11 | include /etc/firejail/cower.local | 11 | include cower.local |
12 | # Persistent global definitions | 12 | # Persistent global definitions |
13 | include /etc/firejail/globals.local | 13 | include globals.local |
14 | 14 | ||
15 | noblacklist ${HOME}/.config/cower/config | 15 | noblacklist ${HOME}/.config/cower/config |
16 | read-only ${HOME}/.config/cower/config | 16 | read-only ${HOME}/.config/cower/config |
17 | 17 | ||
18 | noblacklist /var/lib/pacman | 18 | noblacklist /var/lib/pacman |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/cpio.profile b/etc/cpio.profile index 4593ffa0d..f63e0a552 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -3,18 +3,18 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/cpio.local | 6 | include cpio.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | noblacklist /sbin | 12 | noblacklist /sbin |
13 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile index 3d3de7268..7a9039ea4 100644 --- a/etc/cryptocat.profile +++ b/etc/cryptocat.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/Cryptocat.profile | 6 | include Cryptocat.profile |
diff --git a/etc/curl.profile b/etc/curl.profile index 7b5e7e9ae..d20e00740 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -3,17 +3,17 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/curl.local | 6 | include curl.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | noblacklist ${HOME}/.curlrc | 12 | noblacklist ${HOME}/.curlrc |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 81ccbc530..1070b602c 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for cvlc | 1 | # Firejail profile for cvlc |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/cvlc.local | 4 | include cvlc.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # cvlc doesn't like private-bin | 8 | # cvlc doesn't like private-bin |
9 | ignore private-bin | 9 | ignore private-bin |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/vlc.profile | 12 | include vlc.profile |
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index ce51906ba..fcb448b30 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for cyberfox | 1 | # Firejail profile for cyberfox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/cyberfox.local | 4 | include cyberfox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.8pecxstudios | 8 | noblacklist ${HOME}/.8pecxstudios |
9 | noblacklist ${HOME}/.cache/8pecxstudios | 9 | noblacklist ${HOME}/.cache/8pecxstudios |
@@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios | |||
18 | #private-etc cyberfox | 18 | #private-etc cyberfox |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include /etc/firejail/firefox-common.profile | 21 | include firefox-common.profile |
diff --git a/etc/darktable.profile b/etc/darktable.profile index 0cbde2ee4..af834f90b 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Virtual lighttable and darkroom for photographers | 2 | # Description: Virtual lighttable and darkroom for photographers |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/darktable.local | 5 | include darktable.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/darktable | 9 | noblacklist ${HOME}/.cache/darktable |
10 | noblacklist ${HOME}/.config/darktable | 10 | noblacklist ${HOME}/.config/darktable |
11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index c7a0b40d3..f751b7bb0 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: A GTK+ audio player for GNU/Linux | 2 | # Description: A GTK+ audio player for GNU/Linux |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/deadbeef.local | 5 | include deadbeef.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deadbeef | 9 | noblacklist ${HOME}/.config/deadbeef |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/default.profile b/etc/default.profile index f8e54c8d3..27feb7dd1 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for default | 1 | # Firejail profile for default |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/default.local | 4 | include default.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # generic gui profile | 8 | # generic gui profile |
9 | # depending on your usage, you can enable some of the commands below: | 9 | # depending on your usage, you can enable some of the commands below: |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | # include /etc/firejail/disable-devel.inc | 12 | # include disable-devel.inc |
13 | # include /etc/firejail/disable-interpreters.inc | 13 | # include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | #include /etc/firejail/disable-xdg.inc | 16 | #include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | # ipc-namespace | 19 | # ipc-namespace |
diff --git a/etc/deluge.profile b/etc/deluge.profile index c01f16588..cb8bff07e 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: BitTorrent client written in Python/PyGTK | 2 | # Description: BitTorrent client written in Python/PyGTK |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/deluge.local | 5 | include deluge.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deluge | 9 | noblacklist ${HOME}/.config/deluge |
10 | 10 | ||
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | # include /etc/firejail/disable-devel.inc | 18 | # include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/deluge | 23 | mkdir ${HOME}/.config/deluge |
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | whitelist ${HOME}/.config/deluge | 25 | whitelist ${HOME}/.config/deluge |
26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | machine-id | 30 | machine-id |
diff --git a/etc/desktop.profile b/etc/desktop.profile index 8bfa885a3..bfb1618b2 100644 --- a/etc/desktop.profile +++ b/etc/desktop.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop | 2 | # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/github-desktop.local | 5 | include github-desktop.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist ${HOME}/.gitconfig | 9 | whitelist ${HOME}/.gitconfig |
10 | whitelist ${HOME}/.config/GitHub Desktop | 10 | whitelist ${HOME}/.config/GitHub Desktop |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/devilspie.profile b/etc/devilspie.profile index dbfb05798..b3558a038 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Window matching daemon | 2 | # Description: Window matching daemon |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/devilspie.local | 5 | include devilspie.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.devilspie | 9 | noblacklist ${HOME}/.devilspie |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 3a9a9659a..4ab2634e8 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Window matching daemon (Lua) | 2 | # Description: Window matching daemon (Lua) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/devilspie2.local | 5 | include devilspie2.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/devilspie2 | 9 | noblacklist ${HOME}/.config/devilspie2 |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index d49808ea3..b0226f1e9 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dex2jar.local | 5 | include dex2jar.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Allow access to java | 9 | # Allow access to java |
10 | noblacklist ${PATH}/java | 10 | noblacklist ${PATH}/java |
@@ -12,14 +12,14 @@ noblacklist /usr/lib/java | |||
12 | noblacklist /etc/java | 12 | noblacklist /etc/java |
13 | noblacklist /usr/share/java | 13 | noblacklist /usr/share/java |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | net none | 25 | net none |
diff --git a/etc/dia.profile b/etc/dia.profile index 48aae15cd..a0075acaf 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Diagram editor | 2 | # Description: Diagram editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dia.local | 5 | include dia.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dia | 9 | noblacklist ${HOME}/.dia |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/dig.profile b/etc/dig.profile index 05eb93fd1..a27ae6be4 100644 --- a/etc/dig.profile +++ b/etc/dig.profile | |||
@@ -2,20 +2,20 @@ quiet | |||
2 | # Firejail profile for dig | 2 | # Firejail profile for dig |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dig.local | 5 | include dig.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
11 | # include /etc/firejail/disable-interpreters.inc | 11 | # include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | #include /etc/firejail/disable-xdg.inc | 14 | #include disable-xdg.inc |
15 | 15 | ||
16 | whitelist ~/.digrc | 16 | whitelist ~/.digrc |
17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | # ipc-namespace | 21 | # ipc-namespace |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 470f60779..ccc0a6544 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Digital photo management application for KDE | 2 | # Description: Digital photo management application for KDE |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/digikam.local | 5 | include digikam.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/digikam | 9 | noblacklist ${HOME}/.config/digikam |
10 | noblacklist ${HOME}/.config/digikamrc | 10 | noblacklist ${HOME}/.config/digikamrc |
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam | |||
12 | noblacklist ${HOME}/.kde4/share/apps/digikam | 12 | noblacklist ${HOME}/.kde4/share/apps/digikam |
13 | noblacklist ${PICTURES} | 13 | noblacklist ${PICTURES} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/dillo.profile b/etc/dillo.profile index 57a0628b5..7103d0285 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Small and fast web browser | 2 | # Description: Small and fast web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dillo.local | 5 | include dillo.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dillo | 9 | noblacklist ${HOME}/.dillo |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ${HOME}/.dillo | 20 | whitelist ${HOME}/.dillo |
21 | whitelist ${HOME}/.fltk | 21 | whitelist ${HOME}/.fltk |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/dino.profile b/etc/dino.profile index aa05bf518..9844ce81a 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for dino | 1 | # Firejail profile for dino |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/dino.local | 4 | include dino.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/dino | 8 | noblacklist ${HOME}/.local/share/dino |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.local/share/dino | 16 | mkdir ${HOME}/.local/share/dino |
17 | whitelist ${HOME}/.local/share/dino | 17 | whitelist ${HOME}/.local/share/dino |
18 | whitelist ${HOME}/Downloads | 18 | whitelist ${HOME}/Downloads |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index ceca17826..e6ba99874 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-common.local | 3 | include disable-common.local |
4 | 4 | ||
5 | # History files in $HOME and clipboard managers | 5 | # History files in $HOME and clipboard managers |
6 | blacklist-nolog ${HOME}/.*_history | 6 | blacklist-nolog ${HOME}/.*_history |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 627856803..5c41692da 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-devel.local | 3 | include disable-devel.local |
4 | 4 | ||
5 | # development tools | 5 | # development tools |
6 | 6 | ||
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc index 0e0caade1..0d5f5737e 100644 --- a/etc/disable-interpreters.inc +++ b/etc/disable-interpreters.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-interpreters.local | 3 | include disable-interpreters.local |
4 | 4 | ||
5 | # Lua | 5 | # Lua |
6 | blacklist ${PATH}/lua* | 6 | blacklist ${PATH}/lua* |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 19fd871d3..72e1a66ee 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-passwdmgr.local | 3 | include disable-passwdmgr.local |
4 | 4 | ||
5 | blacklist ${HOME}/.config/Bitwarden | 5 | blacklist ${HOME}/.config/Bitwarden |
6 | blacklist ${HOME}/.config/KeePass | 6 | blacklist ${HOME}/.config/KeePass |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0f48a320b..46e60b9f4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-programs.local | 3 | include disable-programs.local |
4 | 4 | ||
5 | blacklist ${HOME}/Monero/wallets | 5 | blacklist ${HOME}/Monero/wallets |
6 | blacklist ${HOME}/Standard Notes Backups | 6 | blacklist ${HOME}/Standard Notes Backups |
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc index 519f00afb..22acf272d 100644 --- a/etc/disable-xdg.inc +++ b/etc/disable-xdg.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-xdg.local | 3 | include disable-xdg.local |
4 | 4 | ||
5 | blacklist ${DOCUMENTS} | 5 | blacklist ${DOCUMENTS} |
6 | blacklist ${MUSIC} | 6 | blacklist ${MUSIC} |
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile index b6958cbd3..12b5433b2 100644 --- a/etc/discord-canary.profile +++ b/etc/discord-canary.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for discord-canary | 1 | # Firejail profile for discord-canary |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/discord-canary.local | 4 | include discord-canary.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/discordcanary | 9 | noblacklist ${HOME}/.config/discordcanary |
@@ -15,4 +15,4 @@ private-bin discord-canary | |||
15 | private-opt discord-canary | 15 | private-opt discord-canary |
16 | 16 | ||
17 | #Redirect | 17 | #Redirect |
18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/discord-common.profile b/etc/discord-common.profile index 0db05de05..9c6a40e8a 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile | |||
@@ -1,15 +1,15 @@ | |||
1 | # Firejail profile for discord | 1 | # Firejail profile for discord |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/discord-common.local | 4 | include discord-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # already included by caller profile |
7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
15 | 15 | ||
diff --git a/etc/discord.profile b/etc/discord.profile index 63aed5eca..62c4a5658 100644 --- a/etc/discord.profile +++ b/etc/discord.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for discord | 1 | # Firejail profile for discord |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/discord.local | 4 | include discord.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/discord | 9 | noblacklist ${HOME}/.config/discord |
@@ -15,4 +15,4 @@ private-bin discord | |||
15 | private-opt discord | 15 | private-opt discord |
16 | 16 | ||
17 | #Redirect | 17 | #Redirect |
18 | include /etc/firejail/discord-common.profile | 18 | include discord-common.profile |
diff --git a/etc/display.profile b/etc/display.profile index ebb3d46c5..3182aebbe 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for display | 1 | # Firejail profile for display |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/display.local | 4 | include display.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | 8 | noblacklist ${PICTURES} |
9 | 9 | ||
@@ -13,14 +13,14 @@ noblacklist ${PATH}/python3* | |||
13 | noblacklist /usr/lib/python2* | 13 | noblacklist /usr/lib/python2* |
14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | net none | 26 | net none |
diff --git a/etc/dnox.profile b/etc/dnox.profile index 505884ca6..e02395771 100644 --- a/etc/dnox.profile +++ b/etc/dnox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for dnox | 1 | # Firejail profile for dnox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/dnox.local | 4 | include dnox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/dnox | 8 | noblacklist ${HOME}/.cache/dnox |
9 | noblacklist ${HOME}/.config/dnox | 9 | noblacklist ${HOME}/.config/dnox |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox | |||
14 | whitelist ${HOME}/.config/dnox | 14 | whitelist ${HOME}/.config/dnox |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 3b8543129..0dc0cc793 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Tool for securing communications between a client and a DNS resolver | 2 | # Description: Tool for securing communications between a client and a DNS resolver |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dnscrypt-proxy.local | 5 | include dnscrypt-proxy.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist /sbin | 11 | noblacklist /sbin |
12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 21 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
22 | no3d | 22 | no3d |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index 5da1d95e1..bb41b71d1 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Small caching DNS proxy and DHCP/TFTP server | 2 | # Description: Small caching DNS proxy and DHCP/TFTP server |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dnsmasq.local | 5 | include dnsmasq.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist /sbin | 11 | noblacklist /sbin |
12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid | 21 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid |
22 | no3d | 22 | no3d |
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 819998edf..936876ddf 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File manager | 2 | # Description: File manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dolphin.local | 5 | include dolphin.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 | 9 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 |
10 | 10 | ||
@@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash | |||
13 | # noblacklist ${HOME}/.config/dolphinrc | 13 | # noblacklist ${HOME}/.config/dolphinrc |
14 | # noblacklist ${HOME}/.local/share/dolphin | 14 | # noblacklist ${HOME}/.local/share/dolphin |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files | 20 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files |
21 | # include /etc/firejail/disable-programs.inc | 21 | # include disable-programs.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile index 4e1227a0f..075a24c92 100644 --- a/etc/dooble-qt4.profile +++ b/etc/dooble-qt4.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/dooble.profile | 6 | include dooble.profile |
diff --git a/etc/dooble.profile b/etc/dooble.profile index 79d36a973..bc4a4c348 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for dooble | 1 | # Firejail profile for dooble |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/dooble-qt4.local | 4 | include dooble-qt4.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.dooble | 9 | noblacklist ${HOME}/.dooble |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.dooble | 17 | mkdir ${HOME}/.dooble |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ${HOME}/.dooble | 19 | whitelist ${HOME}/.dooble |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index ba73dca9e..17ccc9b9a 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS | 2 | # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dosbox.local | 5 | include dosbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dosbox | 9 | noblacklist ${HOME}/.dosbox |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/dragon.profile b/etc/dragon.profile index 80f2284c5..cdf941acd 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: A multimedia player where the focus is on simplicity, instead of features | 2 | # Description: A multimedia player where the focus is on simplicity, instead of features |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/dragon.local | 5 | include dragon.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dragonplayerrc | 9 | noblacklist ${HOME}/.config/dragonplayerrc |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index eaf1c3e6d..1b242d422 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for dropbox | 1 | # Firejail profile for dropbox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/dropbox.local | 4 | include dropbox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.dropbox | 9 | noblacklist ${HOME}/.dropbox |
10 | noblacklist ${HOME}/.dropbox-dist | 10 | noblacklist ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.dropbox | 18 | mkdir ${HOME}/.dropbox |
19 | mkdir ${HOME}/.dropbox-dist | 19 | mkdir ${HOME}/.dropbox-dist |
@@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop | |||
23 | whitelist ${HOME}/.dropbox | 23 | whitelist ${HOME}/.dropbox |
24 | whitelist ${HOME}/.dropbox-dist | 24 | whitelist ${HOME}/.dropbox-dist |
25 | whitelist ${HOME}/Dropbox | 25 | whitelist ${HOME}/Dropbox |
26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | netfilter | 29 | netfilter |
diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 6fac08a5d..ddf967e55 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Control your desktop using mouse gestures | 2 | # Description: Control your desktop using mouse gestures |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/easystroke.local | 5 | include easystroke.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.easystroke | 9 | noblacklist ${HOME}/.easystroke |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile index 1e28b854a..b2fd635b1 100644 --- a/etc/ebook-viewer.profile +++ b/etc/ebook-viewer.profile | |||
@@ -5,4 +5,4 @@ net none | |||
5 | nodbus | 5 | nodbus |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include /etc/firejail/calibre.profile | 8 | include calibre.profile |
diff --git a/etc/electron.profile b/etc/electron.profile index ccfde78bb..c24100f17 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Build cross platform desktop apps with web technologies | 2 | # Description: Build cross platform desktop apps with web technologies |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/electron.local | 5 | include electron.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | whitelist ${DOWNLOADS} | 13 | whitelist ${DOWNLOADS} |
14 | 14 | ||
diff --git a/etc/electrum.profile b/etc/electrum.profile index 308d3c284..d24a31299 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Lightweight Bitcoin wallet | 2 | # Description: Lightweight Bitcoin wallet |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/electrum.local | 5 | include electrum.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.electrum | 9 | noblacklist ${HOME}/.electrum |
10 | 10 | ||
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | whitelist ${HOME}/.electrum | 25 | whitelist ${HOME}/.electrum |
26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/elinks.profile b/etc/elinks.profile index c20b7f4d0..6643c5fda 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Advanced text-mode WWW browser | 2 | # Description: Advanced text-mode WWW browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/elinks.local | 5 | include elinks.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.elinks | 11 | noblacklist ${HOME}/.elinks |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/emacs.profile b/etc/emacs.profile index 90b25bfcf..c2057f6fb 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: GNU Emacs editor | 2 | # Description: GNU Emacs editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/emacs.local | 5 | include emacs.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.emacs | 9 | noblacklist ${HOME}/.emacs |
10 | noblacklist ${HOME}/.emacs.d | 10 | noblacklist ${HOME}/.emacs.d |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/empathy.profile b/etc/empathy.profile index 007b51c35..5ca640d30 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: GNOME multi-protocol chat and call client | 2 | # Description: GNOME multi-protocol chat and call client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/empathy.local | 5 | include empathy.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile index ba7573289..295d74a38 100644 --- a/etc/enchant-2.profile +++ b/etc/enchant-2.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for enchant-2 | 1 | # Firejail profile for enchant-2 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/enchant-2.local | 4 | include enchant-2.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile index 1b646eef6..991ea63ef 100644 --- a/etc/enchant-lsmod-2.profile +++ b/etc/enchant-lsmod-2.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for enchant-lsmod-2 | 1 | # Firejail profile for enchant-lsmod-2 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/enchant-lsmod-2.local | 4 | include enchant-lsmod-2.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile index 3452b0421..d7bcae6a0 100644 --- a/etc/enchant-lsmod.profile +++ b/etc/enchant-lsmod.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for enchant-lsmod | 1 | # Firejail profile for enchant-lsmod |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/enchant-lsmod.local | 4 | include enchant-lsmod.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/enchant.profile | 9 | include enchant.profile |
diff --git a/etc/enchant.profile b/etc/enchant.profile index a765000c3..e29e542ab 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Wrapper for various spell checker engines | 2 | # Description: Wrapper for various spell checker engines |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/enchant.local | 5 | include enchant.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 3f18b4fc6..b9f2632c4 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Archive manager for MATE | 2 | # Description: Archive manager for MATE |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/engrampa.local | 5 | include engrampa.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
16 | 16 | ||
17 | apparmor | 17 | apparmor |
18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/enox.profile b/etc/enox.profile index 46f409346..d8ac8b24a 100644 --- a/etc/enox.profile +++ b/etc/enox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for enox | 1 | # Firejail profile for enox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/enox.local | 4 | include enox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/Enox | 8 | noblacklist ${HOME}/.cache/Enox |
9 | noblacklist ${HOME}/.config/Enox | 9 | noblacklist ${HOME}/.config/Enox |
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox | |||
16 | whitelist ${HOME}/.config/Enox | 16 | whitelist ${HOME}/.config/Enox |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include /etc/firejail/chromium-common.profile | 19 | include chromium-common.profile |
diff --git a/etc/enpass.profile b/etc/enpass.profile index e58da7598..3208c9454 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile | |||
@@ -1,20 +1,20 @@ | |||
1 | # This file is overwritten after every install/update. | 1 | # This file is overwritten after every install/update. |
2 | # Persistent local customisations | 2 | # Persistent local customisations |
3 | include /etc/firejail/enpass.local | 3 | include enpass.local |
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include /etc/firejail/globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.config/Sinew Software Systems | 7 | noblacklist ${HOME}/.config/Sinew Software Systems |
8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | machine-id | 20 | machine-id |
diff --git a/etc/eog.profile b/etc/eog.profile index 0e7a8d928..8cb64009c 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Eye of GNOME graphics viewer program | 2 | # Description: Eye of GNOME graphics viewer program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/eog.local | 5 | include eog.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ${HOME}/.config/eog | 10 | noblacklist ${HOME}/.config/eog |
11 | noblacklist ${HOME}/.local/share/Trash | 11 | noblacklist ${HOME}/.local/share/Trash |
12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | # apparmor - makes settings immutable | 22 | # apparmor - makes settings immutable |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/eom.profile b/etc/eom.profile index 7d9937159..7d84cd3b4 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Eye of MATE graphics viewer program | 2 | # Description: Eye of MATE graphics viewer program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/eom.local | 5 | include eom.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ${HOME}/.config/mate/eom | 10 | noblacklist ${HOME}/.config/mate/eom |
11 | noblacklist ${HOME}/.local/share/Trash | 11 | noblacklist ${HOME}/.local/share/Trash |
12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | # apparmor - makes settings immutable | 22 | # apparmor - makes settings immutable |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index b04cf72b4..6868ca391 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Clone of Boulder Dash game | 2 | # Description: Clone of Boulder Dash game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/epiphany.local | 5 | include epiphany.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/epiphany | 9 | noblacklist ${HOME}/.cache/epiphany |
10 | noblacklist ${HOME}/.config/epiphany | 10 | noblacklist ${HOME}/.config/epiphany |
11 | noblacklist ${HOME}/.local/share/epiphany | 11 | noblacklist ${HOME}/.local/share/epiphany |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/epiphany | 18 | mkdir ${HOME}/.cache/epiphany |
19 | mkdir ${HOME}/.config/epiphany | 19 | mkdir ${HOME}/.config/epiphany |
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} | |||
22 | whitelist ${HOME}/.cache/epiphany | 22 | whitelist ${HOME}/.cache/epiphany |
23 | whitelist ${HOME}/.config/epiphany | 23 | whitelist ${HOME}/.config/epiphany |
24 | whitelist ${HOME}/.local/share/epiphany | 24 | whitelist ${HOME}/.local/share/epiphany |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/etr.profile b/etc/etr.profile index 82c93b7a8..6c3db897b 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -1,20 +1,20 @@ | |||
1 | # Firejail profile for etr | 1 | # Firejail profile for etr |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/etr.local | 4 | include etr.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.etr | 8 | noblacklist ${HOME}/.etr |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | mkdir ${HOME}/.etr | 14 | mkdir ${HOME}/.etr |
15 | whitelist ${HOME}/.etr | 15 | whitelist ${HOME}/.etr |
16 | include /etc/firejail/whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile index d5bc6db33..e43bb2da8 100644 --- a/etc/evince-previewer.profile +++ b/etc/evince-previewer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for evince-previewer | 1 | # Firejail profile for evince-previewer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/evince-previewer.local | 4 | include evince-previewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/evince.profile | 10 | include evince.profile |
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile index abc21632d..4036e1ecb 100644 --- a/etc/evince-thumbnailer.profile +++ b/etc/evince-thumbnailer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for evince-thumbnailer | 1 | # Firejail profile for evince-thumbnailer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/evince-thumbnailer.local | 4 | include evince-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/evince.profile | 10 | include evince.profile |
diff --git a/etc/evince.profile b/etc/evince.profile index 4f514f9e9..1702daeff 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Document (PostScript, PDF) viewer | 2 | # Description: Document (PostScript, PDF) viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/evince.local | 5 | include evince.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/evince | 9 | noblacklist ${HOME}/.config/evince |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | machine-id | 22 | machine-id |
diff --git a/etc/evolution.profile b/etc/evolution.profile index db1af275b..1cce0656c 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Groupware suite with mail client and organizer | 2 | # Description: Groupware suite with mail client and organizer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/evolution.local | 5 | include evolution.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/mail | 9 | noblacklist /var/mail |
10 | noblacklist /var/spool/mail | 10 | noblacklist /var/spool/mail |
@@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg | |||
15 | noblacklist ${HOME}/.local/share/evolution | 15 | noblacklist ${HOME}/.local/share/evolution |
16 | noblacklist ${HOME}/.pki | 16 | noblacklist ${HOME}/.pki |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index b16b5e297..3eac35bac 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/exiftool.local | 5 | include exiftool.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
@@ -13,11 +13,11 @@ noblacklist ${PATH}/perl | |||
13 | noblacklist /usr/lib/perl* | 13 | noblacklist /usr/lib/perl* |
14 | noblacklist /usr/share/perl* | 14 | noblacklist /usr/share/perl* |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | net none | 23 | net none |
diff --git a/etc/falkon.profile b/etc/falkon.profile index e5ed66751..9fd446fe1 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: Lightweight web browser based on Qt WebEngine | 2 | # Description: Lightweight web browser based on Qt WebEngine |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/falkon.local | 5 | include falkon.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/falkon | 9 | noblacklist ${HOME}/.cache/falkon |
10 | noblacklist ${HOME}/.config/falkon | 10 | noblacklist ${HOME}/.config/falkon |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ${HOME}/.cache/falkon | 19 | whitelist ${HOME}/.cache/falkon |
20 | whitelist ${HOME}/.config/falkon | 20 | whitelist ${HOME}/.config/falkon |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index c0f148d65..701f14dce 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: E-book reader | 2 | # Description: E-book reader |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/fbreader.local | 5 | include fbreader.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FBReader | 9 | noblacklist ${HOME}/.FBReader |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/feh.profile b/etc/feh.profile index ec87e7916..ddf0fa154 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: imlib2 based image viewer | 2 | # Description: imlib2 based image viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/feh.local | 5 | include feh.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index 9b35ad0e7..46d0bd08e 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder | 2 | # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/fetchmail.local | 5 | include fetchmail.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.fetchmailrc | 9 | noblacklist ${HOME}/.fetchmailrc |
10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index ef54de241..8aa6198df 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -3,17 +3,17 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/ffmpeg.local | 6 | include ffmpeg.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index c1c51df52..d79b4de4b 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Archive manager for GNOME | 2 | # Description: Archive manager for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/file-roller.local | 5 | include file-roller.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
16 | 16 | ||
17 | apparmor | 17 | apparmor |
18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/file.profile b/etc/file.profile index 48a6cec3f..daf2a524e 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -3,15 +3,15 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/file.local | 6 | include file.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | hostname file | 17 | hostname file |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 3f8e5e109..2e77937ea 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Full-featured graphical FTP/FTPS/SFTP client | 2 | # Description: Full-featured graphical FTP/FTPS/SFTP client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/filezilla.local | 5 | include filezilla.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/filezilla | 9 | noblacklist ${HOME}/.config/filezilla |
10 | noblacklist ${HOME}/.filezilla | 10 | noblacklist ${HOME}/.filezilla |
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile index f9924fee5..ee158703d 100644 --- a/etc/firefox-beta.profile +++ b/etc/firefox-beta.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for firefox-beta | 1 | # Firejail profile for firefox-beta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox-beta.local | 4 | include firefox-beta.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index f5fd4aa5b..7a0c3e99f 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/firefox-common-addons.local | 3 | include firefox-common-addons.local |
4 | 4 | ||
5 | noblacklist ${HOME}/.config/kgetrc | 5 | noblacklist ${HOME}/.config/kgetrc |
6 | noblacklist ${HOME}/.config/okularpartrc | 6 | noblacklist ${HOME}/.config/okularpartrc |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 528423583..253f1b3bd 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -1,26 +1,26 @@ | |||
1 | # Firejail profile for firefox-common | 1 | # Firejail profile for firefox-common |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox-common.local | 4 | include firefox-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # already included by caller profile |
7 | #include /etc/firejail/globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # uncomment the following line to allow access to common programs/addons/plugins | 9 | # uncomment the following line to allow access to common programs/addons/plugins |
10 | #include /etc/firejail/firefox-common-addons.inc | 10 | #include firefox-common-addons.inc |
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.pki | 19 | mkdir ${HOME}/.pki |
20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | whitelist ${HOME}/.pki | 21 | whitelist ${HOME}/.pki |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | apparmor | 25 | apparmor |
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile index 7458d9e10..56a0485cb 100644 --- a/etc/firefox-developer-edition.profile +++ b/etc/firefox-developer-edition.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # Description: Developer Edition of the popular Firefox web browser | 2 | # Description: Developer Edition of the popular Firefox web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/firefox-developer-edition.local | 5 | include firefox-developer-edition.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include /etc/firejail/firefox.profile | 11 | include firefox.profile |
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile index 9821c7150..0ba04d9c1 100644 --- a/etc/firefox-esr.profile +++ b/etc/firefox-esr.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for firefox-esr | 1 | # Firejail profile for firefox-esr |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox-esr.local | 4 | include firefox-esr.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile index 302f6eb24..6f3838e33 100644 --- a/etc/firefox-nightly.profile +++ b/etc/firefox-nightly.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for firefox-nightly | 1 | # Firejail profile for firefox-nightly |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox-nightly.local | 4 | include firefox-nightly.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile index 806d50e31..e47ca32f9 100644 --- a/etc/firefox-wayland.profile +++ b/etc/firefox-wayland.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for firefox-wayland | 1 | # Firejail profile for firefox-wayland |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox-wayland.local | 4 | include firefox-wayland.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox.profile b/etc/firefox.profile index c968e964e..830bbc6a7 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Safe and easy web browser from Mozilla | 2 | # Description: Safe and easy web browser from Mozilla |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/firefox.local | 5 | include firefox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
10 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
@@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla | |||
20 | #private-etc firefox | 20 | #private-etc firefox |
21 | 21 | ||
22 | # Redirect | 22 | # Redirect |
23 | include /etc/firejail/firefox-common.profile | 23 | include firefox-common.profile |
diff --git a/etc/firejail.config b/etc/firejail.config index 91a03f095..d7106e76c 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -22,7 +22,8 @@ | |||
22 | # dbus yes | 22 | # dbus yes |
23 | 23 | ||
24 | # Disable /mnt, /media, /run/mount and /run/media access. By default access | 24 | # Disable /mnt, /media, /run/mount and /run/media access. By default access |
25 | # to these directories is enabled. | 25 | # to these directories is enabled. Unlike --disable-mnt profile option this |
26 | # cannot be overridden by --noblacklist. | ||
26 | # disable-mnt no | 27 | # disable-mnt no |
27 | 28 | ||
28 | # Enable or disable file transfer support, default enabled. | 29 | # Enable or disable file transfer support, default enabled. |
diff --git a/etc/flameshot.profile b/etc/flameshot.profile index ff576610b..32e416b34 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Powerful yet simple-to-use screenshot software | 2 | # Description: Powerful yet simple-to-use screenshot software |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/flameshot.local | 5 | include flameshot.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 63f9d19a9..b841bce75 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for flashpeak-slimjet | 1 | # Firejail profile for flashpeak-slimjet |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/flashpeak-slimjet.local | 4 | include flashpeak-slimjet.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/slimjet | 8 | noblacklist ${HOME}/.cache/slimjet |
9 | noblacklist ${HOME}/.config/slimjet | 9 | noblacklist ${HOME}/.config/slimjet |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet | |||
14 | whitelist ${HOME}/.config/slimjet | 14 | whitelist ${HOME}/.config/slimjet |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index ce7bff61d..4628b85ee 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Non-linear video editor | 2 | # Description: Non-linear video editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/flowblade.local | 5 | include flowblade.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/flowblade | 9 | noblacklist ${HOME}/.config/flowblade |
10 | noblacklist ${HOME}/.flowblade | 10 | noblacklist ${HOME}/.flowblade |
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile index 5fafef95a..c296c0491 100644 --- a/etc/fluxbox.profile +++ b/etc/fluxbox.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/fluxbox.local | 5 | include fluxbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.fluxbox | 10 | noblacklist ${HOME}/.fluxbox |
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 07fef9ed6..2a833de06 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Font editor | 2 | # Description: Font editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/fontforge.local | 5 | include fontforge.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FontForge | 9 | noblacklist ${HOME}/.FontForge |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 4316c0988..e821f6f65 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for fossamail | 1 | # Firejail profile for fossamail |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/fossamail.local | 4 | include fossamail.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/fossamail | 8 | noblacklist ${HOME}/.cache/fossamail |
9 | noblacklist ${HOME}/.fossamail | 9 | noblacklist ${HOME}/.fossamail |
@@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg | |||
15 | whitelist ${HOME}/.cache/fossamail | 15 | whitelist ${HOME}/.cache/fossamail |
16 | whitelist ${HOME}/.fossamail | 16 | whitelist ${HOME}/.fossamail |
17 | whitelist ${HOME}/.gnupg | 17 | whitelist ${HOME}/.gnupg |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | # allow browsers | 20 | # allow browsers |
21 | # Redirect | 21 | # Redirect |
22 | include /etc/firejail/firefox.profile | 22 | include firefox.profile |
diff --git a/etc/franz.profile b/etc/franz.profile index f46ebe604..5ce8954c4 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for franz | 1 | # Firejail profile for franz |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/franz.local | 4 | include franz.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/Franz | 8 | noblacklist ${HOME}/.cache/Franz |
9 | noblacklist ${HOME}/.config/Franz | 9 | noblacklist ${HOME}/.config/Franz |
10 | noblacklist ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.cache/Franz | 17 | mkdir ${HOME}/.cache/Franz |
18 | mkdir ${HOME}/.config/Franz | 18 | mkdir ${HOME}/.config/Franz |
@@ -21,7 +21,7 @@ whitelist ${DOWNLOADS} | |||
21 | whitelist ${HOME}/.cache/Franz | 21 | whitelist ${HOME}/.cache/Franz |
22 | whitelist ${HOME}/.config/Franz | 22 | whitelist ${HOME}/.config/Franz |
23 | whitelist ${HOME}/.pki | 23 | whitelist ${HOME}/.pki |
24 | include /etc/firejail/whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
diff --git a/etc/freecad.profile b/etc/freecad.profile index 0c0647eaf..11fe3245c 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Extensible Open Source CAx program | 2 | # Description: Extensible Open Source CAx program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/freecad.local | 5 | include freecad.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeCAD | 9 | noblacklist ${HOME}/.config/FreeCAD |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile index f8bbff593..d98b05e65 100644 --- a/etc/freecadcmd.profile +++ b/etc/freecadcmd.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/freecad.profile | 6 | include freecad.profile |
diff --git a/etc/freshclam.profile b/etc/freshclam.profile index 35b9d1ad7..2dd55d8cc 100644 --- a/etc/freshclam.profile +++ b/etc/freshclam.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/clamav.local | 5 | include clamav.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | caps.keep setgid,setuid | 10 | caps.keep setgid,setuid |
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index a618a6465..3697252e7 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Cool game where you pop out the bubbles | 2 | # Description: Cool game where you pop out the bubbles |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/frozen-bubble.local | 5 | include frozen-bubble.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frozen-bubble | 9 | noblacklist ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.frozen-bubble | 17 | mkdir ${HOME}/.frozen-bubble |
18 | whitelist ${HOME}/.frozen-bubble | 18 | whitelist ${HOME}/.frozen-bubble |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | net none | 23 | net none |
diff --git a/etc/gajim.profile b/etc/gajim.profile index a93f38485..b60437c6e 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: GTK+-based Jabber client | 2 | # Description: GTK+-based Jabber client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gajim.local | 5 | include gajim.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gajim | 9 | noblacklist ${HOME}/.cache/gajim |
10 | noblacklist ${HOME}/.config/gajim | 10 | noblacklist ${HOME}/.config/gajim |
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | noblacklist /usr/lib64/python3* | 16 | noblacklist /usr/lib64/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/gajim | 24 | mkdir ${HOME}/.cache/gajim |
25 | mkdir ${HOME}/.config/gajim | 25 | mkdir ${HOME}/.config/gajim |
@@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim | |||
29 | whitelist ${HOME}/.config/gajim | 29 | whitelist ${HOME}/.config/gajim |
30 | whitelist ${HOME}/.local/share/gajim | 30 | whitelist ${HOME}/.local/share/gajim |
31 | whitelist ${HOME}/Downloads | 31 | whitelist ${HOME}/Downloads |
32 | include /etc/firejail/whitelist-common.inc | 32 | include whitelist-common.inc |
33 | 33 | ||
34 | caps.drop all | 34 | caps.drop all |
35 | netfilter | 35 | netfilter |
diff --git a/etc/galculator.profile b/etc/galculator.profile index 5af950e9b..323c880a8 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Scientific calculator | 2 | # Description: Scientific calculator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/galculator.local | 5 | include galculator.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/galculator | 9 | noblacklist ${HOME}/.config/galculator |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/galculator | 17 | mkdir ${HOME}/.config/galculator |
18 | whitelist ${HOME}/.config/galculator | 18 | whitelist ${HOME}/.config/galculator |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/gcloud.profile b/etc/gcloud.profile index aeb377118..5aa73b38f 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for gcloud | 1 | # Firejail profile for gcloud |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gcloud.local | 4 | include gcloud.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.boto | 8 | noblacklist ${HOME}/.boto |
9 | noblacklist ${HOME}/.config/gcloud | 9 | noblacklist ${HOME}/.config/gcloud |
10 | noblacklist /var/run/docker.sock | 10 | noblacklist /var/run/docker.sock |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | apparmor | 16 | apparmor |
17 | caps.drop all | 17 | caps.drop all |
diff --git a/etc/geany.profile b/etc/geany.profile index 1be34e6a8..a236ea2c5 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: Fast and lightweight IDE | 2 | # Description: Fast and lightweight IDE |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/geany.local | 5 | include geany.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/geany | 9 | noblacklist ${HOME}/.config/geany |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
diff --git a/etc/geary.profile b/etc/geary.profile index 735206da2..a21eed9f1 100644 --- a/etc/geary.profile +++ b/etc/geary.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Lightweight email client designed for the GNOME desktop | 2 | # Description: Lightweight email client designed for the GNOME desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/geary.local | 5 | include geary.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Users have Geary set to open a browser by clicking a link in an email | 9 | # Users have Geary set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
@@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg | |||
20 | whitelist ${HOME}/.config/geary | 20 | whitelist ${HOME}/.config/geary |
21 | whitelist ${HOME}/.local/share/geary | 21 | whitelist ${HOME}/.local/share/geary |
22 | 22 | ||
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | ignore nodbus | 25 | ignore nodbus |
26 | ignore private-tmp | 26 | ignore private-tmp |
@@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list | |||
29 | 29 | ||
30 | # allow browsers | 30 | # allow browsers |
31 | # Redirect | 31 | # Redirect |
32 | include /etc/firejail/firefox.profile | 32 | include firefox.profile |
diff --git a/etc/gedit.profile b/etc/gedit.profile index 875f47a0f..d537f1294 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Official text editor of the GNOME desktop environment | 2 | # Description: Official text editor of the GNOME desktop environment |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gedit.local | 5 | include gedit.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
10 | noblacklist ${HOME}/.config/gedit | 10 | noblacklist ${HOME}/.config/gedit |
11 | noblacklist ${HOME}/.gitconfig | 11 | noblacklist ${HOME}/.gitconfig |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | # include /etc/firejail/disable-devel.inc | 14 | # include disable-devel.inc |
15 | # include /etc/firejail/disable-interpreters.inc | 15 | # include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index a24e75476..a7d82b5fb 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Image viewer using GTK+ | 2 | # Description: Image viewer using GTK+ |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/geeqie.local | 5 | include geeqie.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/geeqie | 9 | noblacklist ${HOME}/.cache/geeqie |
10 | noblacklist ${HOME}/.config/geeqie | 10 | noblacklist ${HOME}/.config/geeqie |
11 | noblacklist ${HOME}/.local/share/geeqie | 11 | noblacklist ${HOME}/.local/share/geeqie |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | nodvd | 20 | nodvd |
diff --git a/etc/ghb.profile b/etc/ghb.profile index de6244a32..1cb09ddde 100644 --- a/etc/ghb.profile +++ b/etc/ghb.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/handbrake.profile | 6 | include handbrake.profile |
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.10.profile +++ b/etc/gimp-2.10.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/gimp.profile | 6 | include gimp.profile |
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.8.profile +++ b/etc/gimp-2.8.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/gimp.profile | 6 | include gimp.profile |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 3a3b2061f..9b14b1fe8 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: GNU Image Manipulation Program | 2 | # Description: GNU Image Manipulation Program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gimp.local | 5 | include gimp.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
10 | noblacklist ${HOME}/.gimp* | 10 | noblacklist ${HOME}/.gimp* |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | noblacklist ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | apparmor | 21 | apparmor |
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/git.profile b/etc/git.profile index 40beaf2da..7d4392c80 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -3,9 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/git.local | 6 | include git.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
@@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh | |||
17 | noblacklist ${HOME}/.vim | 17 | noblacklist ${HOME}/.vim |
18 | noblacklist ${HOME}/.viminfo | 18 | noblacklist ${HOME}/.viminfo |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/gitg.profile b/etc/gitg.profile index 83e11c4d9..f6d78cc54 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Git repository viewer | 2 | # Description: Git repository viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gitg.local | 5 | include gitg.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gitconfig | 9 | noblacklist ${HOME}/.gitconfig |
10 | noblacklist ${HOME}/.local/share/gitg | 10 | noblacklist ${HOME}/.local/share/gitg |
11 | noblacklist ${HOME}/.ssh | 11 | noblacklist ${HOME}/.ssh |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | no3d | 22 | no3d |
diff --git a/etc/gitter.profile b/etc/gitter.profile index f473e18ea..d8439fa79 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for gitter | 1 | # Firejail profile for gitter |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gitter.local | 4 | include gitter.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.config/Gitter | 9 | noblacklist ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.config/autostart | 18 | whitelist ${HOME}/.config/autostart |
19 | whitelist ${HOME}/.config/Gitter | 19 | whitelist ${HOME}/.config/Gitter |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | machine-id | 23 | machine-id |
diff --git a/etc/gjs.profile b/etc/gjs.profile index be8484278..9c7aa5700 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Mozilla-based javascript bindings for the GNOME platform | 2 | # Description: Mozilla-based javascript bindings for the GNOME platform |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gjs.local | 5 | include gjs.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books | |||
13 | noblacklist ${HOME}/.config/libreoffice | 13 | noblacklist ${HOME}/.config/libreoffice |
14 | noblacklist ${HOME}/.local/share/gnome-photos | 14 | noblacklist ${HOME}/.local/share/gnome-photos |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index 59a117a7b..c007fb0cc 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for globaltime | 1 | # Firejail profile for globaltime |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/globaltime.local | 4 | include globaltime.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/globaltime | 8 | noblacklist ${HOME}/.config/globaltime |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 1a9ca7641..ce83fbb66 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Sliding tile puzzle game | 2 | # Description: Sliding tile puzzle game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-2048.local | 5 | include gnome-2048.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-2048 | 9 | noblacklist ${HOME}/.local/share/gnome-2048 |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-2048 | 19 | mkdir ${HOME}/.local/share/gnome-2048 |
20 | whitelist ${HOME}/.local/share/gnome-2048 | 20 | whitelist ${HOME}/.local/share/gnome-2048 |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 24aeaeb9d..c748cf7e3 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for gnome-books | 1 | # Firejail profile for gnome-books |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gnome-books.local | 4 | include gnome-books.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index 33c13360f..dffe16263 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile | |||
@@ -2,14 +2,14 @@ | |||
2 | # Description: IDE for GNOME | 2 | # Description: IDE for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-builder.local | 5 | include gnome-builder.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | ipc-namespace | 15 | ipc-namespace |
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index f6632c2c2..7974211c7 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -3,19 +3,19 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/gnome-calculator.local | 6 | include gnome-calculator.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | # apparmor - makes settings immutable | 20 | # apparmor - makes settings immutable |
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 348ef1798..fbd8c22c0 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Simple chess game | 2 | # Description: Simple chess game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-chess.local | 5 | include gnome-chess.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-chess | 9 | noblacklist ${HOME}/.local/share/gnome-chess |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | no3d | 21 | no3d |
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 66a362707..54356a1b7 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Simple GNOME app with stopwatch, timer, and world clock support | 2 | # Description: Simple GNOME app with stopwatch, timer, and world clock support |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-clocks.local | 5 | include gnome-clocks.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 93af764e7..2a13b3b27 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Contacts manager for GNOME | 2 | # Description: Contacts manager for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-contacts.local | 5 | include gnome-contacts.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index ce75d6fea..36b69ce90 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Document manager for GNOME | 2 | # Description: Document manager for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-documents.local | 5 | include gnome-documents.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/libreoffice | 11 | noblacklist ${HOME}/.config/libreoffice |
12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index 751295f23..c616b7381 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Font viewer for GNOME | 2 | # Description: Font viewer for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-font-viewer.local | 5 | include gnome-font-viewer.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index 03f4e5dee..f89684219 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Viewer for the systemd journal | 2 | # Description: Viewer for the systemd journal |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-logs.local | 5 | include gnome-logs.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
15 | 15 | ||
16 | whitelist /var/log/journal | 16 | whitelist /var/log/journal |
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 01facaaa8..d27d90d29 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Map application for GNOME | 2 | # Description: Map application for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-maps.local | 5 | include gnome-maps.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/champlain | 11 | noblacklist ${HOME}/.cache/champlain |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 4acbf7a42..3dd623ea9 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: GTK/Gnome interface around MPlayer | 2 | # Description: GTK/Gnome interface around MPlayer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-mplayer.local | 5 | include gnome-mplayer.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-mplayer | 9 | noblacklist ${HOME}/.config/gnome-mplayer |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | nogroups | 21 | nogroups |
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile index d8f66fb46..ffb04add1 100644 --- a/etc/gnome-mpv.profile +++ b/etc/gnome-mpv.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Simple GTK+ frontend for mpv | 2 | # Description: Simple GTK+ frontend for mpv |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-mpv.local | 5 | include gnome-mpv.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-mpv | 9 | noblacklist ${HOME}/.config/gnome-mpv |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nodbus | 23 | nodbus |
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 3347d7070..54e055358 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: GNOME music player | 2 | # Description: GNOME music player |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-music.local | 5 | include gnome-music.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-music | 9 | noblacklist ${HOME}/.local/share/gnome-music |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 097c0e747..2e3356607 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Access, organize and share your photos with GNOME | 2 | # Description: Access, organize and share your photos with GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-photos.local | 5 | include gnome-photos.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.local/share/gnome-photos | 11 | noblacklist ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile index 41f6de346..cef741eb3 100644 --- a/etc/gnome-pie.profile +++ b/etc/gnome-pie.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Alternative AppMenu | 2 | # Description: Alternative AppMenu |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-pie.local | 5 | include gnome-pie.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-pie | 9 | noblacklist ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include /etc/firejail/disable-common.inc | 11 | #include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | #include /etc/firejail/disable-interpreters.inc | 13 | #include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | #include /etc/firejail/disable-programs.inc | 15 | #include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index 4c36e9c0a..761c604ff 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Recipe application for GNOME | 2 | # Description: Recipe application for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-recipes.local | 5 | include gnome-recipes.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/gnome-recipes | 10 | noblacklist ${HOME}/.local/share/gnome-recipes |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/gnome-recipes | 18 | mkdir ${HOME}/.cache/gnome-recipes |
19 | whitelist ${HOME}/.cache/gnome-recipes | 19 | whitelist ${HOME}/.cache/gnome-recipes |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile index cbc79320e..f660df690 100644 --- a/etc/gnome-ring.profile +++ b/etc/gnome-ring.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for gnome-ring | 1 | # Firejail profile for gnome-ring |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gnome-ring.local | 4 | include gnome-ring.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/gnome-ring | 8 | noblacklist ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index c260ada1a..4b54d9627 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash | 2 | # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-twitch.local | 5 | include gnome-twitch.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gnome-twitch | 9 | noblacklist ${HOME}/.cache/gnome-twitch |
10 | noblacklist ${HOME}/.local/share/gnome-twitch | 10 | noblacklist ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/gnome-twitch | 18 | mkdir ${HOME}/.cache/gnome-twitch |
19 | mkdir ${HOME}/.local/share/gnome-twitch | 19 | mkdir ${HOME}/.local/share/gnome-twitch |
20 | whitelist ${HOME}/.cache/gnome-twitch | 20 | whitelist ${HOME}/.cache/gnome-twitch |
21 | whitelist ${HOME}/.local/share/gnome-twitch | 21 | whitelist ${HOME}/.local/share/gnome-twitch |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | nodvd | 25 | nodvd |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 20aa56c6d..6b5f5480d 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Access current conditions and forecasts | 2 | # Description: Access current conditions and forecasts |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gnome-weather.local | 5 | include gnome-weather.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/goobox.profile b/etc/goobox.profile index b004c56db..3cc159eb2 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: CD player and ripper with GNOME 3 integration | 2 | # Description: CD player and ripper with GNOME 3 integration |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/goobox.local | 5 | include goobox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index ab16558ea..73101f509 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for google-chrome-beta | 1 | # Firejail profile for google-chrome-beta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/google-chrome-beta.local | 4 | include google-chrome-beta.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/google-chrome-beta | 8 | noblacklist ${HOME}/.cache/google-chrome-beta |
9 | noblacklist ${HOME}/.config/google-chrome-beta | 9 | noblacklist ${HOME}/.config/google-chrome-beta |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta | |||
14 | whitelist ${HOME}/.config/google-chrome-beta | 14 | whitelist ${HOME}/.config/google-chrome-beta |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile index 6ade19021..55868e0b7 100644 --- a/etc/google-chrome-stable.profile +++ b/etc/google-chrome-stable.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/google-chrome.profile | 6 | include google-chrome.profile |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index b7d0eccf3..50e9923aa 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for google-chrome-unstable | 1 | # Firejail profile for google-chrome-unstable |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/google-chrome-unstable.local | 4 | include google-chrome-unstable.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/google-chrome-unstable | 8 | noblacklist ${HOME}/.cache/google-chrome-unstable |
9 | noblacklist ${HOME}/.config/google-chrome-unstable | 9 | noblacklist ${HOME}/.config/google-chrome-unstable |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable | |||
14 | whitelist ${HOME}/.config/google-chrome-unstable | 14 | whitelist ${HOME}/.config/google-chrome-unstable |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6e44190ae..c69e98271 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for google-chrome | 1 | # Firejail profile for google-chrome |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/google-chrome.local | 4 | include google-chrome.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/google-chrome | 8 | noblacklist ${HOME}/.cache/google-chrome |
9 | noblacklist ${HOME}/.config/google-chrome | 9 | noblacklist ${HOME}/.config/google-chrome |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome | |||
14 | whitelist ${HOME}/.config/google-chrome | 14 | whitelist ${HOME}/.config/google-chrome |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/google-earth.profile b/etc/google-earth.profile index ab49de4d8..6e5f99745 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for google-earth | 1 | # Firejail profile for google-earth |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/google-earth.local | 4 | include google-earth.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.googleearth/Cache/ | 9 | noblacklist ${HOME}/.googleearth/Cache/ |
@@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/ | |||
11 | noblacklist ${HOME}/.googleearth/myplaces.backup.kml | 11 | noblacklist ${HOME}/.googleearth/myplaces.backup.kml |
12 | noblacklist ${HOME}/.googleearth/myplaces.kml | 12 | noblacklist ${HOME}/.googleearth/myplaces.kml |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Google | 20 | mkdir ${HOME}/.config/Google |
21 | mkdir ${HOME}/.googleearth/Cache/ | 21 | mkdir ${HOME}/.googleearth/Cache/ |
@@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/ | |||
27 | whitelist ${HOME}/.googleearth/Temp/ | 27 | whitelist ${HOME}/.googleearth/Temp/ |
28 | whitelist ${HOME}/.googleearth/myplaces.backup.kml | 28 | whitelist ${HOME}/.googleearth/myplaces.backup.kml |
29 | whitelist ${HOME}/.googleearth/myplaces.kml | 29 | whitelist ${HOME}/.googleearth/myplaces.kml |
30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
33 | ipc-namespace | 33 | ipc-namespace |
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index c31aace87..4932c9e42 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for google-play-music-desktop-player | 1 | # Firejail profile for google-play-music-desktop-player |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/google-play-music-desktop-player.local | 4 | include google-play-music-desktop-player.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google Play Music Desktop Player | 8 | noblacklist ${HOME}/.config/Google Play Music Desktop Player |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | # whitelist ${HOME}/.config/pulse | 16 | # whitelist ${HOME}/.config/pulse |
17 | # whitelist ${HOME}/.pulse | 17 | # whitelist ${HOME}/.pulse |
18 | whitelist ${HOME}/.config/Google Play Music Desktop Player | 18 | whitelist ${HOME}/.config/Google Play Music Desktop Player |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/gpa.profile b/etc/gpa.profile index fed06dadd..ce7c8496d 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: GNU Privacy Assistant (GPA) | 2 | # Description: GNU Privacy Assistant (GPA) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gpa.local | 5 | include gpa.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index f0703a3a8..7181837d5 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: GNU privacy guard - cryptographic agent | 2 | # Description: GNU privacy guard - cryptographic agent |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gpg-agent.local | 5 | include gpg-agent.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/gpg.profile b/etc/gpg.profile index 9ddcc3d54..e920b9072 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: GNU Privacy Guard -- minimalist public key operations | 2 | # Description: GNU Privacy Guard -- minimalist public key operations |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gpg.local | 5 | include gpg.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index f39ed5e95..d3e1123f3 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Lightweight image viewer | 2 | # Description: Lightweight image viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gpicview.local | 5 | include gpicview.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gpicview | 9 | noblacklist ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 4884c9fa1..76a10f697 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Satellite tracking program | 2 | # Description: Satellite tracking program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gpredict.local | 5 | include gpredict.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Gpredict | 9 | noblacklist ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${HOME}/.config/Gpredict | 17 | whitelist ${HOME}/.config/Gpredict |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/gradio.profile b/etc/gradio.profile index bba92a0bc..e7f415090 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile | |||
@@ -1,25 +1,25 @@ | |||
1 | # Firejail profile for gradio | 1 | # Firejail profile for gradio |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gradio.local | 4 | include gradio.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gradio | 8 | noblacklist ${HOME}/.cache/gradio |
9 | noblacklist ${HOME}/.local/share/gradio | 9 | noblacklist ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.cache/gradio | 17 | mkdir ${HOME}/.cache/gradio |
18 | mkdir ${HOME}/.local/share/gradio | 18 | mkdir ${HOME}/.local/share/gradio |
19 | whitelist ${HOME}/.cache/gradio | 19 | whitelist ${HOME}/.cache/gradio |
20 | whitelist ${HOME}/.local/share/gradio | 20 | whitelist ${HOME}/.local/share/gradio |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/gtar.profile b/etc/gtar.profile index d4bf18f95..12acb8356 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/tar.profile | 6 | include tar.profile |
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 6b3c844cb..77de59802 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Image viewer and browser | 2 | # Description: Image viewer and browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gthumb.local | 5 | include gthumb.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gthumb | 9 | noblacklist ${HOME}/.config/gthumb |
10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | nodvd | 20 | nodvd |
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 7d6124538..22457c547 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for guayadeque | 1 | # Firejail profile for guayadeque |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/guayadeque.local | 4 | include guayadeque.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.guayadeque | 8 | noblacklist ${HOME}/.guayadeque |
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index ab5fe324c..13db746f8 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Unicode character picker and font browser | 2 | # Description: Unicode character picker and font browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gucharmap.local | 5 | include gucharmap.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/gunzip.profile b/etc/gunzip.profile index 8ea523df7..fe35f8fe7 100644 --- a/etc/gunzip.profile +++ b/etc/gunzip.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for gunzip | 1 | # Firejail profile for gunzip |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/gunzip.local | 4 | include gunzip.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Redirect | 8 | # Redirect |
9 | include /etc/firejail/gzip.profile | 9 | include gzip.profile |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 00b64b3e0..8723b0135 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Image viewer | 2 | # Description: Image viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/gwenview.local | 5 | include gwenview.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
10 | noblacklist ${HOME}/.config/gwenviewrc | 10 | noblacklist ${HOME}/.config/gwenviewrc |
@@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc | |||
17 | noblacklist ${HOME}/.local/share/gwenview | 17 | noblacklist ${HOME}/.local/share/gwenview |
18 | noblacklist ${HOME}/.local/share/org.kde.gwenview | 18 | noblacklist ${HOME}/.local/share/org.kde.gwenview |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | apparmor | 28 | apparmor |
29 | caps.drop all | 29 | caps.drop all |
diff --git a/etc/gzip.profile b/etc/gzip.profile index 0c43a7ab2..16ca6b94d 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/gzip.local | 6 | include gzip.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -24,4 +24,4 @@ tracelog | |||
24 | 24 | ||
25 | private-dev | 25 | private-dev |
26 | 26 | ||
27 | include /etc/firejail/default.profile | 27 | include default.profile |
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile index de6244a32..1cb09ddde 100644 --- a/etc/handbrake-gtk.profile +++ b/etc/handbrake-gtk.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/handbrake.profile | 6 | include handbrake.profile |
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 40f16ffc7..a98f80bc7 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Versatile DVD ripper and video transcoder (GTK+ GUI) | 2 | # Description: Versatile DVD ripper and video transcoder (GTK+ GUI) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/handbrake.local | 5 | include handbrake.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghb | 9 | noblacklist ${HOME}/.config/ghb |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index c2a498af4..bf4836c45 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -3,20 +3,20 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/hashcat.local | 6 | include hashcat.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.hashcat | 10 | noblacklist ${HOME}/.hashcat |
11 | noblacklist /usr/include | 11 | noblacklist /usr/include |
12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index e479ead30..4dfb40890 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Funny turn-based artillery game, featuring fighting hedgehogs | 2 | # Description: Funny turn-based artillery game, featuring fighting hedgehogs |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/hedgewars.local | 5 | include hedgewars.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hedgewars | 9 | noblacklist ${HOME}/.hedgewars |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.hedgewars | 17 | mkdir ${HOME}/.hedgewars |
18 | whitelist ${HOME}/.hedgewars | 18 | whitelist ${HOME}/.hedgewars |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 24981c4ae..783f91e82 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: IRC client for X based on X-Chat 2 | 2 | # Description: IRC client for X based on X-Chat 2 |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/hexchat.local | 5 | include hexchat.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/hexchat | 9 | noblacklist ${HOME}/.config/hexchat |
10 | noblacklist /usr/share/perl* | 10 | noblacklist /usr/share/perl* |
@@ -15,16 +15,16 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/hexchat | 24 | mkdir ${HOME}/.config/hexchat |
25 | whitelist ${HOME}/.config/hexchat | 25 | whitelist ${HOME}/.config/hexchat |
26 | include /etc/firejail/whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | machine-id | 30 | machine-id |
diff --git a/etc/highlight.profile b/etc/highlight.profile index 6f3440b1b..ae2cce0b4 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Universal source code to formatted text converter | 2 | # Description: Universal source code to formatted text converter |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/highlight.local | 5 | include highlight.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/hugin.profile b/etc/hugin.profile index 93fb8003b..1e235f381 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Panorama photo stitcher | 2 | # Description: Panorama photo stitcher |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/hugin.local | 5 | include hugin.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hugin | 9 | noblacklist ${HOME}/.hugin |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | net none | 21 | net none |
diff --git a/etc/i3.profile b/etc/i3.profile index efbc1f6e7..c1ca0e413 100644 --- a/etc/i3.profile +++ b/etc/i3.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/i3.local | 5 | include i3.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.config/i3 | 10 | noblacklist ${HOME}/.config/i3 |
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/icecat.profile b/etc/icecat.profile index 42e762c21..660343a29 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for icecat | 1 | # Firejail profile for icecat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/icecat.local | 4 | include icecat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
@@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla | |||
17 | #private-etc icecat | 17 | #private-etc icecat |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include /etc/firejail/firefox-common.profile | 20 | include firefox-common.profile |
diff --git a/etc/icedove.profile b/etc/icedove.profile index 80cff3878..a66309bf1 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for icedove | 1 | # Firejail profile for icedove |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/icedove.local | 4 | include icedove.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Users have icedove set to open a browser by clicking a link in an email | 8 | # Users have icedove set to open a browser by clicking a link in an email |
9 | # We are not allowed to blacklist browser-specific directories | 9 | # We are not allowed to blacklist browser-specific directories |
@@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove | |||
18 | whitelist ${HOME}/.cache/icedove | 18 | whitelist ${HOME}/.cache/icedove |
19 | whitelist ${HOME}/.gnupg | 19 | whitelist ${HOME}/.gnupg |
20 | whitelist ${HOME}/.icedove | 20 | whitelist ${HOME}/.icedove |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | ignore private-tmp | 23 | ignore private-tmp |
24 | 24 | ||
25 | # allow browsers | 25 | # allow browsers |
26 | # Redirect | 26 | # Redirect |
27 | include /etc/firejail/firefox.profile | 27 | include firefox.profile |
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 51f15aa1b..24a2f4cc3 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for iceweasel | 1 | # Firejail profile for iceweasel |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/iceweasel.local | 4 | include iceweasel.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # private-etc must first be enabled in firefox-common.profile | 8 | # private-etc must first be enabled in firefox-common.profile |
9 | #private-etc iceweasel | 9 | #private-etc iceweasel |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/firefox.profile | 12 | include firefox.profile |
diff --git a/etc/idea.profile b/etc/idea.profile index 623d71734..d56dceb71 100644 --- a/etc/idea.profile +++ b/etc/idea.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for idea | 1 | # Firejail profile for idea |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/idea.local | 4 | include idea.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 1f460822a..bbacef764 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for idea.sh | 1 | # Firejail profile for idea.sh |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/idea.sh.local | 4 | include idea.sh.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.IdeaIC* | 8 | noblacklist ${HOME}/.IdeaIC* |
9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
@@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains | |||
16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile index f7a69fa94..b960b08e5 100644 --- a/etc/ideaIC.profile +++ b/etc/ideaIC.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for ideaIC | 1 | # Firejail profile for ideaIC |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ideaIC.local | 4 | include ideaIC.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/imagej.profile b/etc/imagej.profile index a218b89a5..9ff0f9203 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Image processing program with a focus on microscopy images | 2 | # Description: Image processing program with a focus on microscopy images |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/imagej.local | 5 | include imagej.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.imagej | 9 | noblacklist ${HOME}/.imagej |
10 | 10 | ||
@@ -14,11 +14,11 @@ noblacklist /usr/lib/java | |||
14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 501f390cb..6f860a3d4 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for img2txt | 1 | # Firejail profile for img2txt |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/img2txt.local | 4 | include img2txt.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 129d04098..a13f5c378 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Vector-based drawing program | 2 | # Description: Vector-based drawing program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/inkscape.local | 5 | include inkscape.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/inkscape | 9 | noblacklist ${HOME}/.cache/inkscape |
10 | noblacklist ${HOME}/.config/inkscape | 10 | noblacklist ${HOME}/.config/inkscape |
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape | |||
12 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | noblacklist ${PICTURES} | 13 | noblacklist ${PICTURES} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/inox.profile b/etc/inox.profile index 652761c54..1b3db73b4 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for inox | 1 | # Firejail profile for inox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/inox.local | 4 | include inox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/inox | 8 | noblacklist ${HOME}/.cache/inox |
9 | noblacklist ${HOME}/.config/inox | 9 | noblacklist ${HOME}/.config/inox |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox | |||
14 | whitelist ${HOME}/.config/inox | 14 | whitelist ${HOME}/.config/inox |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile index 1baa07cb7..0a6418d5c 100644 --- a/etc/iridium-browser.profile +++ b/etc/iridium-browser.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/iridium.profile | 6 | include iridium.profile |
diff --git a/etc/iridium.profile b/etc/iridium.profile index 2869c3070..ebb39b0a3 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for iridium | 1 | # Firejail profile for iridium |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/iridium.local | 4 | include iridium.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/iridium | 8 | noblacklist ${HOME}/.cache/iridium |
9 | noblacklist ${HOME}/.config/iridium | 9 | noblacklist ${HOME}/.config/iridium |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium | |||
14 | whitelist ${HOME}/.config/iridium | 14 | whitelist ${HOME}/.config/iridium |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/itch.profile b/etc/itch.profile index d2e32e9a1..c0b4fe6ce 100644 --- a/etc/itch.profile +++ b/etc/itch.profile | |||
@@ -1,24 +1,24 @@ | |||
1 | # Firejail profile for itch | 1 | # Firejail profile for itch |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/itch.local | 4 | include itch.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/itch | 11 | noblacklist ${HOME}/.config/itch |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/itch | 19 | mkdir ${HOME}/.config/itch |
20 | whitelist ${HOME}/.config/itch | 20 | whitelist ${HOME}/.config/itch |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index f0ffcd0d6..443e6b550 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for jd-gui | 1 | # Firejail profile for jd-gui |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/jd-gui.local | 4 | include jd-gui.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | noblacklist ${HOME}/.config/jd-gui.cfg |
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
@@ -14,14 +14,14 @@ noblacklist /usr/lib/java | |||
14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | net none | 27 | net none |
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile index dbcc85e8d..037d92338 100644 --- a/etc/jdownloader.profile +++ b/etc/jdownloader.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for jdownloader | 1 | # Firejail profile for jdownloader |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/jdownloader.local | 4 | include jdownloader.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/JDownloader.profile | 10 | include JDownloader.profile |
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index b3b09f4b1..5a575bb71 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for jitsi | 1 | # Firejail profile for jitsi |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/jitsi.local | 4 | include jitsi.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
9 | 9 | ||
@@ -13,11 +13,11 @@ noblacklist /usr/lib/java | |||
13 | noblacklist /etc/java | 13 | noblacklist /etc/java |
14 | noblacklist /usr/share/java | 14 | noblacklist /usr/share/java |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nodvd | 23 | nodvd |
diff --git a/etc/k3b.profile b/etc/k3b.profile index 6b4c15560..8c599d0ca 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Sophisticated CD/DVD burning application | 2 | # Description: Sophisticated CD/DVD burning application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/k3b.local | 5 | include k3b.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/k3brc | 9 | noblacklist ${HOME}/.config/k3brc |
10 | noblacklist ${HOME}/.kde/share/config/k3brc | 10 | noblacklist ${HOME}/.kde/share/config/k3brc |
11 | noblacklist ${HOME}/.kde4/share/config/k3brc | 11 | noblacklist ${HOME}/.kde4/share/config/k3brc |
12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | no3d | 24 | no3d |
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index 8fe79166c..85870da36 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Versatile media player for KDE | 2 | # Description: Versatile media player for KDE |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kaffeine.local | 5 | include kaffeine.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kaffeinerc | 9 | noblacklist ${HOME}/.config/kaffeinerc |
10 | noblacklist ${HOME}/.kde/share/apps/kaffeine | 10 | noblacklist ${HOME}/.kde/share/apps/kaffeine |
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/kaffeine | |||
15 | noblacklist ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/karbon.profile b/etc/karbon.profile index 3525a3e06..e9e3c2a69 100644 --- a/etc/karbon.profile +++ b/etc/karbon.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/krita.profile | 6 | include krita.profile |
diff --git a/etc/kate.profile b/etc/kate.profile index 7a92cff53..cce36eacc 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Powerful text editor | 2 | # Description: Powerful text editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kate.local | 5 | include kate.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/katemetainfos | 9 | noblacklist ${HOME}/.config/katemetainfos |
10 | noblacklist ${HOME}/.config/katepartrc | 10 | noblacklist ${HOME}/.config/katepartrc |
@@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc | |||
14 | noblacklist ${HOME}/.config/katevirc | 14 | noblacklist ${HOME}/.config/katevirc |
15 | noblacklist ${HOME}/.local/share/kate | 15 | noblacklist ${HOME}/.local/share/kate |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | # include /etc/firejail/disable-devel.inc | 18 | # include disable-devel.inc |
19 | # include /etc/firejail/disable-interpreters.inc | 19 | # include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | # apparmor | 25 | # apparmor |
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 563776166..8baefaa98 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: Simple and scientific calculator | 2 | # Description: Simple and scientific calculator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kcalc.local | 5 | include kcalc.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkfile ${HOME}/.config/kcalcrc | 16 | mkfile ${HOME}/.config/kcalcrc |
17 | mkfile ${HOME}/.kde/share/config/kcalcrc | 17 | mkfile ${HOME}/.kde/share/config/kcalcrc |
@@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc | |||
19 | whitelist ${HOME}/.config/kcalcrc | 19 | whitelist ${HOME}/.config/kcalcrc |
20 | whitelist ${HOME}/.kde/share/config/kcalcrc | 20 | whitelist ${HOME}/.kde/share/config/kcalcrc |
21 | whitelist ${HOME}/.kde4/share/config/kcalcrc | 21 | whitelist ${HOME}/.kde4/share/config/kcalcrc |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | apparmor | 25 | apparmor |
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index 523a71efc..cd7c4cae3 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for kdeinit4 | 1 | # Firejail profile for kdeinit4 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/kdeinit4.local | 4 | include kdeinit4.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # use outside KDE Plasma 4 | 8 | # use outside KDE Plasma 4 |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index ce86bae3d..2ef44bc7f 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Non-linear video editor | 2 | # Description: Non-linear video editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kdenlive.local | 5 | include kdenlive.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/kdenlive | 9 | noblacklist ${HOME}/.cache/kdenlive |
10 | noblacklist ${HOME}/.config/kdenliverc | 10 | noblacklist ${HOME}/.config/kdenliverc |
11 | noblacklist ${HOME}/.local/share/kdenlive | 11 | noblacklist ${HOME}/.local/share/kdenlive |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | apparmor | 19 | apparmor |
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/keepass.profile b/etc/keepass.profile index ea55c6a23..788561a14 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: An easy-to-use password manager | 2 | # Description: An easy-to-use password manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/keepass.local | 5 | include keepass.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
@@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass | |||
15 | noblacklist ${HOME}/.local/share/keepass | 15 | noblacklist ${HOME}/.local/share/keepass |
16 | noblacklist ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/keepass2.profile b/etc/keepass2.profile index d29fc6abc..9e33e08db 100644 --- a/etc/keepass2.profile +++ b/etc/keepass2.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/keepass.profile | 6 | include keepass.profile |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 007c49f4a..fc9386618 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Cross Platform Password Manager | 2 | # Description: Cross Platform Password Manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/keepassx.local | 5 | include keepassx.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx | |||
12 | noblacklist ${HOME}/.keepassx | 12 | noblacklist ${HOME}/.keepassx |
13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | machine-id | 25 | machine-id |
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 4e74c2cea..fdd27e9f9 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | # Redirects | 5 | # Redirects |
6 | include /etc/firejail/keepassx.profile | 6 | include keepassx.profile |
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 752ad4e98..053344cc2 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Cross Platform Password Manager | 2 | # Description: Cross Platform Password Manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/keepassxc.local | 5 | include keepassxc.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
@@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc | |||
14 | noblacklist ${HOME}/.mozilla | 14 | noblacklist ${HOME}/.mozilla |
15 | noblacklist ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | machine-id | 27 | machine-id |
diff --git a/etc/kget.profile b/etc/kget.profile index 71d39bc95..2ef84a0ee 100644 --- a/etc/kget.profile +++ b/etc/kget.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Download manager | 2 | # Description: Download manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kget.local | 5 | include kget.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
10 | noblacklist ${HOME}/.kde/share/apps/kget | 10 | noblacklist ${HOME}/.kde/share/apps/kget |
@@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget | |||
13 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 13 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
14 | noblacklist ${HOME}/.local/share/kget | 14 | noblacklist ${HOME}/.local/share/kget |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/kino.profile b/etc/kino.profile index 703ee8c9a..ead42f9ca 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Non-linear editor for Digital Video data | 2 | # Description: Non-linear editor for Digital Video data |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kino.local | 5 | include kino.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kino-history | 9 | noblacklist ${HOME}/.kino-history |
10 | noblacklist ${HOME}/.kinorc | 10 | noblacklist ${HOME}/.kinorc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/kmail.profile b/etc/kmail.profile index 1f85335c3..1f8403ef1 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Full featured graphical email client | 2 | # Description: Full featured graphical email client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kmail.local | 5 | include kmail.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
@@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail | |||
29 | noblacklist ${HOME}/.local/share/notes | 29 | noblacklist ${HOME}/.local/share/notes |
30 | noblacklist /tmp/akonadi-* | 30 | noblacklist /tmp/akonadi-* |
31 | 31 | ||
32 | include /etc/firejail/disable-common.inc | 32 | include disable-common.inc |
33 | include /etc/firejail/disable-devel.inc | 33 | include disable-devel.inc |
34 | include /etc/firejail/disable-interpreters.inc | 34 | include disable-interpreters.inc |
35 | include /etc/firejail/disable-passwdmgr.inc | 35 | include disable-passwdmgr.inc |
36 | include /etc/firejail/disable-programs.inc | 36 | include disable-programs.inc |
37 | 37 | ||
38 | include /etc/firejail/whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
40 | # apparmor | 40 | # apparmor |
41 | caps.drop all | 41 | caps.drop all |
diff --git a/etc/knotes.profile b/etc/knotes.profile index 147d2d831..e7ea04873 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Sticky notes application | 2 | # Description: Sticky notes application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/knotes.local | 5 | include knotes.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # knotes has problems launching akonadi in debian and ubuntu. | 9 | # knotes has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when knotes is started | 10 | # one solution is to have akonadi already running when knotes is started |
@@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes | |||
14 | 14 | ||
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/kmail.profile | 17 | include kmail.profile |
diff --git a/etc/kodi.profile b/etc/kodi.profile index 5f9a4a87e..3a161db4c 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Open Source Home Theatre | 2 | # Description: Open Source Home Theatre |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kodi.local | 5 | include kodi.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kodi | 9 | noblacklist ${HOME}/.kodi |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | apparmor | 29 | apparmor |
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/konversation.profile b/etc/konversation.profile index 68d365a7a..c679bd61b 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: User friendly Internet Relay Chat (IRC) client for KDE | 2 | # Description: User friendly Internet Relay Chat (IRC) client for KDE |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/konversation.local | 5 | include konversation.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/konversationrc | 9 | noblacklist ${HOME}/.config/konversationrc |
10 | noblacklist ${HOME}/.kde/share/config/konversationrc | 10 | noblacklist ${HOME}/.kde/share/config/konversationrc |
11 | noblacklist ${HOME}/.kde4/share/config/konversationrc | 11 | noblacklist ${HOME}/.kde4/share/config/konversationrc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/kopete.profile b/etc/kopete.profile index 294f9f8cf..fef415f6e 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Instant messaging and chat application | 2 | # Description: Instant messaging and chat application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kopete.local | 5 | include kopete.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kde/share/apps/kopete | 9 | noblacklist ${HOME}/.kde/share/apps/kopete |
10 | noblacklist ${HOME}/.kde/share/config/kopeterc | 10 | noblacklist ${HOME}/.kde/share/config/kopeterc |
11 | noblacklist ${HOME}/.kde4/share/apps/kopete | 11 | noblacklist ${HOME}/.kde4/share/apps/kopete |
12 | noblacklist ${HOME}/.kde4/share/config/kopeterc | 12 | noblacklist ${HOME}/.kde4/share/config/kopeterc |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | whitelist /var/lib/winpopup | 20 | whitelist /var/lib/winpopup |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/krita.profile b/etc/krita.profile index 5fd56d61e..bd02522f6 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Pixel-based image manipulation program | 2 | # Description: Pixel-based image manipulation program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/krita.local | 5 | include krita.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kritarc | 9 | noblacklist ${HOME}/.config/kritarc |
10 | noblacklist ${HOME}/.local/share/krita | 10 | noblacklist ${HOME}/.local/share/krita |
@@ -17,12 +17,12 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/krunner.profile b/etc/krunner.profile index 0b1b9e5de..c64113c15 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Framework for providing different actions given a string query | 2 | # Description: Framework for providing different actions given a string query |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/krunner.local | 5 | include krunner.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # - programs started in krunner run with this generic profile. | 9 | # - programs started in krunner run with this generic profile. |
10 | # - when a file is opened in krunner, the file viewer runs in its own sandbox | 10 | # - when a file is opened in krunner, the file viewer runs in its own sandbox |
@@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc | |||
19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
21 | 21 | ||
22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
23 | # include /etc/firejail/disable-devel.inc | 23 | # include disable-devel.inc |
24 | # include /etc/firejail/disable-interpreters.inc | 24 | # include disable-interpreters.inc |
25 | # include /etc/firejail/disable-passwdmgr.inc | 25 | # include disable-passwdmgr.inc |
26 | # include /etc/firejail/disable-programs.inc | 26 | # include disable-programs.inc |
27 | 27 | ||
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
31 | netfilter | 31 | netfilter |
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 5d3092ed1..4dc635df7 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: BitTorrent client based on the KDE platform | 2 | # Description: BitTorrent client based on the KDE platform |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ktorrent.local | 5 | include ktorrent.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ktorrentrc | 9 | noblacklist ${HOME}/.config/ktorrentrc |
10 | noblacklist ${HOME}/.kde/share/apps/ktorrent | 10 | noblacklist ${HOME}/.kde/share/apps/ktorrent |
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent | |||
13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc | 13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc |
14 | noblacklist ${HOME}/.local/share/ktorrent | 14 | noblacklist ${HOME}/.local/share/ktorrent |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.kde/share/apps/ktorrent | 22 | mkdir ${HOME}/.kde/share/apps/ktorrent |
23 | mkdir ${HOME}/.kde4/share/apps/ktorrent | 23 | mkdir ${HOME}/.kde4/share/apps/ktorrent |
@@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc | |||
32 | whitelist ${HOME}/.kde4/share/apps/ktorrent | 32 | whitelist ${HOME}/.kde4/share/apps/ktorrent |
33 | whitelist ${HOME}/.kde4/share/config/ktorrentrc | 33 | whitelist ${HOME}/.kde4/share/config/ktorrentrc |
34 | whitelist ${HOME}/.local/share/ktorrent | 34 | whitelist ${HOME}/.local/share/ktorrent |
35 | include /etc/firejail/whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include /etc/firejail/whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
39 | machine-id | 39 | machine-id |
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index 6d4dcfd3f..4cb489577 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for kwin_x11 | 1 | # Firejail profile for kwin_x11 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/kwin_x11.local | 4 | include kwin_x11.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/kwin | 8 | noblacklist ${HOME}/.cache/kwin |
9 | noblacklist ${HOME}/.config/kwinrc | 9 | noblacklist ${HOME}/.config/kwinrc |
10 | noblacklist ${HOME}/.config/kwinrulesrc | 10 | noblacklist ${HOME}/.config/kwinrulesrc |
11 | noblacklist ${HOME}/.local/share/kwin | 11 | noblacklist ${HOME}/.local/share/kwin |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index d2eeb83c1..9922cb0b5 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Simple text editor | 2 | # Description: Simple text editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/kwrite.local | 5 | include kwrite.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/katepartrc | 9 | noblacklist ${HOME}/.config/katepartrc |
10 | noblacklist ${HOME}/.config/katerc | 10 | noblacklist ${HOME}/.config/katerc |
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc | |||
15 | noblacklist ${HOME}/.local/share/kwrite | 15 | noblacklist ${HOME}/.local/share/kwrite |
16 | noblacklist ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbunzip2.profile +++ b/etc/lbunzip2.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzcat.profile +++ b/etc/lbzcat.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzip2.profile +++ b/etc/lbzip2.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/gzip.profile | 7 | include gzip.profile |
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index e91f9e8a5..47ea5606a 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: GTK+ based simple text editor | 2 | # Description: GTK+ based simple text editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/leafpad.local | 5 | include leafpad.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/leafpad | 9 | noblacklist ${HOME}/.config/leafpad |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/less.profile b/etc/less.profile index 310075124..466539c6b 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/less.local | 6 | include less.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -34,4 +34,4 @@ memory-deny-write-execute | |||
34 | noexec ${HOME} | 34 | noexec ${HOME} |
35 | noexec /tmp | 35 | noexec /tmp |
36 | 36 | ||
37 | include /etc/firejail/default.profile | 37 | include default.profile |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 0777e34bc..1a3f6cbd1 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Office productivity suite | 2 | # Description: Office productivity suite |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/libreoffice.local | 5 | include libreoffice.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist /usr/local/sbin | 10 | noblacklist /usr/local/sbin |
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java | |||
17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | # Ubuntu 18.04 uses its own apparmor profile | 27 | # Ubuntu 18.04 uses its own apparmor profile |
28 | # uncomment the next line if you are not on Ubuntu | 28 | # uncomment the next line if you are not on Ubuntu |
diff --git a/etc/liferea.profile b/etc/liferea.profile index a980f123f..c498541d4 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Feed/news/podcast client with plugin support | 2 | # Description: Feed/news/podcast client with plugin support |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/liferea.local | 5 | include liferea.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/liferea | 9 | noblacklist ${HOME}/.cache/liferea |
10 | noblacklist ${HOME}/.config/liferea | 10 | noblacklist ${HOME}/.config/liferea |
@@ -16,11 +16,11 @@ noblacklist ${PATH}/python3* | |||
16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/liferea | 25 | mkdir ${HOME}/.cache/liferea |
26 | mkdir ${HOME}/.config/liferea | 26 | mkdir ${HOME}/.config/liferea |
@@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea | |||
28 | whitelist ${HOME}/.cache/liferea | 28 | whitelist ${HOME}/.cache/liferea |
29 | whitelist ${HOME}/.config/liferea | 29 | whitelist ${HOME}/.config/liferea |
30 | whitelist ${HOME}/.local/share/liferea | 30 | whitelist ${HOME}/.local/share/liferea |
31 | include /etc/firejail/whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include /etc/firejail/whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
33 | 33 | ||
34 | caps.drop all | 34 | caps.drop all |
35 | netfilter | 35 | netfilter |
diff --git a/etc/linphone.profile b/etc/linphone.profile index 4f022d088..feb4037fb 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: SIP softphone - graphical client | 2 | # Description: SIP softphone - graphical client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/linphone.local | 5 | include linphone.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.linphone-history.db | 9 | noblacklist ${HOME}/.linphone-history.db |
10 | noblacklist ${HOME}/.linphonerc | 10 | noblacklist ${HOME}/.linphonerc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkfile ${HOME}/.linphone-history.db | 18 | mkfile ${HOME}/.linphone-history.db |
19 | mkfile ${HOME}/.linphonerc | 19 | mkfile ${HOME}/.linphonerc |
20 | whitelist ${HOME}/.linphone-history.db | 20 | whitelist ${HOME}/.linphone-history.db |
21 | whitelist ${HOME}/.linphonerc | 21 | whitelist ${HOME}/.linphonerc |
22 | whitelist ${HOME}/Downloads | 22 | whitelist ${HOME}/Downloads |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/lmms.profile b/etc/lmms.profile index 6091ee9fa..6c81b9172 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Linux Multimedia Studio | 2 | # Description: Linux Multimedia Studio |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/lmms.local | 5 | include lmms.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.lmmsrc.xml | 9 | noblacklist ${HOME}/.lmmsrc.xml |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/lobase.profile b/etc/lobase.profile index c702a4ece..ea0f84631 100644 --- a/etc/lobase.profile +++ b/etc/lobase.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/localc.profile b/etc/localc.profile index c702a4ece..ea0f84631 100644 --- a/etc/localc.profile +++ b/etc/localc.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lodraw.profile b/etc/lodraw.profile index c702a4ece..ea0f84631 100644 --- a/etc/lodraw.profile +++ b/etc/lodraw.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loffice.profile b/etc/loffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/loffice.profile +++ b/etc/loffice.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile index c702a4ece..ea0f84631 100644 --- a/etc/lofromtemplate.profile +++ b/etc/lofromtemplate.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loimpress.profile b/etc/loimpress.profile index c702a4ece..ea0f84631 100644 --- a/etc/loimpress.profile +++ b/etc/loimpress.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 92335c4cf..6e53fc62b 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Music player for GNOME | 2 | # Description: Music player for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/lollypop.local | 5 | include lollypop.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/lollypop | 9 | noblacklist ${HOME}/.local/share/lollypop |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/lomath.profile b/etc/lomath.profile index c702a4ece..ea0f84631 100644 --- a/etc/lomath.profile +++ b/etc/lomath.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/loweb.profile b/etc/loweb.profile index c702a4ece..ea0f84631 100644 --- a/etc/loweb.profile +++ b/etc/loweb.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/lowriter.profile b/etc/lowriter.profile index c702a4ece..ea0f84631 100644 --- a/etc/lowriter.profile +++ b/etc/lowriter.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 61c4ef3fc..38f2ab10c 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Graphical user interface providing a workflow for HDR imaging | 2 | # Description: Graphical user interface providing a workflow for HDR imaging |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/luminance-hdr.local | 5 | include luminance-hdr.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Luminance | 9 | noblacklist ${HOME}/.config/Luminance |
10 | noblacklist ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index c3b532534..c275a69c8 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Image viewer for LXQt | 2 | # Description: Image viewer for LXQt |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/lximage-qt.local | 5 | include lximage-qt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/lximage-qt | 9 | noblacklist ${HOME}/.config/lximage-qt |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index a4f90da01..e0c03db50 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: LXDE music player | 2 | # Description: LXDE music player |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/lxmusic.local | 5 | include lxmusic.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xmms2 | 9 | noblacklist ${HOME}/.cache/xmms2 |
10 | noblacklist ${HOME}/.config/xmms2 | 10 | noblacklist ${HOME}/.config/xmms2 |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/lynx.profile b/etc/lynx.profile index 35385059a..e8d44823b 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Classic non-graphical (text-mode) web browser | 2 | # Description: Classic non-graphical (text-mode) web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/lynx.local | 5 | include lynx.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/lzcat.profile b/etc/lzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcat.profile +++ b/etc/lzcat.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcmp.profile +++ b/etc/lzcmp.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzdiff.profile +++ b/etc/lzdiff.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzegrep.profile +++ b/etc/lzegrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzfgrep.profile +++ b/etc/lzfgrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzgrep.profile +++ b/etc/lzgrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzip.profile b/etc/lzip.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzip.profile +++ b/etc/lzip.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzless.profile b/etc/lzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzless.profile +++ b/etc/lzless.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzma.profile b/etc/lzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzma.profile +++ b/etc/lzma.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile index 7c26620dd..9ba22601b 100644 --- a/etc/lzmadec.profile +++ b/etc/lzmadec.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/xzdec.profile | 7 | include xzdec.profile |
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmainfo.profile +++ b/etc/lzmainfo.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/lzmore.profile b/etc/lzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmore.profile +++ b/etc/lzmore.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index e640b6ad2..170085117 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for macrofusion | 1 | # Firejail profile for macrofusion |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/macrofusion.local | 4 | include macrofusion.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mfusion | 8 | noblacklist ${HOME}/.config/mfusion |
9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
@@ -14,12 +14,12 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | ipc-namespace | 25 | ipc-namespace |
diff --git a/etc/makepkg.profile b/etc/makepkg.profile index ac337b9a1..317a3dd78 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile | |||
@@ -10,9 +10,9 @@ | |||
10 | 10 | ||
11 | quiet | 11 | quiet |
12 | # Persistent local customizations | 12 | # Persistent local customizations |
13 | include /etc/firejail/makepkg.local | 13 | include makepkg.local |
14 | # Persistent global definitions | 14 | # Persistent global definitions |
15 | include /etc/firejail/globals.local | 15 | include globals.local |
16 | 16 | ||
17 | 17 | ||
18 | # Enable severely restricted access to ${HOME}/.gnupg | 18 | # Enable severely restricted access to ${HOME}/.gnupg |
@@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d | |||
30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} | 30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} |
31 | noblacklist /var/lib/pacman | 31 | noblacklist /var/lib/pacman |
32 | 32 | ||
33 | include /etc/firejail/disable-common.inc | 33 | include disable-common.inc |
34 | include /etc/firejail/disable-passwdmgr.inc | 34 | include disable-passwdmgr.inc |
35 | include /etc/firejail/disable-programs.inc | 35 | include disable-programs.inc |
36 | 36 | ||
37 | caps.drop all | 37 | caps.drop all |
38 | ipc-namespace | 38 | ipc-namespace |
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile index cc80679fc..e35ddd2a7 100644 --- a/etc/masterpdfeditor.profile +++ b/etc/masterpdfeditor.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/masterpdfeditor.local | 5 | include masterpdfeditor.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Code Industry | 9 | noblacklist ${HOME}/.config/Code Industry |
10 | noblacklist ${HOME}/.masterpdfeditor | 10 | noblacklist ${HOME}/.masterpdfeditor |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile index 7ab9c9421..5612fdaa4 100644 --- a/etc/masterpdfeditor4.profile +++ b/etc/masterpdfeditor4.profile | |||
@@ -2,11 +2,11 @@ | |||
2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/masterpdfeditor4.local | 5 | include masterpdfeditor4.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included profile | 7 | # added by included profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/masterpdfeditor.profile | 12 | include masterpdfeditor.profile |
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile index 86faf5da0..8669ceb11 100644 --- a/etc/masterpdfeditor5.profile +++ b/etc/masterpdfeditor5.profile | |||
@@ -2,11 +2,11 @@ | |||
2 | # Description: A complete solution for creating and editing PDF files | 2 | # Description: A complete solution for creating and editing PDF files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/masterpdfeditor5.local | 5 | include masterpdfeditor5.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included profile | 7 | # added by included profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/masterpdfeditor.profile | 12 | include masterpdfeditor.profile |
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index a5a1ca6ef..e3220076d 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: MATE desktop calculator | 2 | # Description: MATE desktop calculator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mate-calc.local | 5 | include mate-calc.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mate-calc | 9 | noblacklist ${HOME}/.config/mate-calc |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${HOME}/.cache/mate-calc | 17 | whitelist ${HOME}/.cache/mate-calc |
18 | whitelist ${HOME}/.config/caja | 18 | whitelist ${HOME}/.config/caja |
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 43bb3ebb4..442acf8ff 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/mate-calc.profile | 6 | include mate-calc.profile |
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index fed1e0643..1ba744d5a 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
@@ -1,16 +1,16 @@ | |||
1 | # Firejail profile for mate-color-select | 1 | # Firejail profile for mate-color-select |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/mate-color-select.local | 4 | include mate-color-select.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | whitelist ${HOME}/.config/gtk-3.0 | 15 | whitelist ${HOME}/.config/gtk-3.0 |
16 | whitelist ${HOME}/.fonts | 16 | whitelist ${HOME}/.fonts |
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index fd51ede4c..ba179dfdd 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for mate-dictionary | 1 | # Firejail profile for mate-dictionary |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/mate-dictionary.local | 4 | include mate-dictionary.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mate/mate-dictionary | 8 | noblacklist ${HOME}/.config/mate/mate-dictionary |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | whitelist ${HOME}/.config/mate/mate-dictionary | 16 | whitelist ${HOME}/.config/mate/mate-dictionary |
17 | whitelist ${HOME}/.config/gtk-3.0 | 17 | whitelist ${HOME}/.config/gtk-3.0 |
diff --git a/etc/mathematica.profile b/etc/mathematica.profile index 984ea9e97..5f29181cd 100644 --- a/etc/mathematica.profile +++ b/etc/mathematica.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/Mathematica.profile | 6 | include Mathematica.profile |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 7445d0434..ea4cb0250 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Small Jabber (XMPP) console client | 2 | # Description: Small Jabber (XMPP) console client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mcabber.local | 5 | include mcabber.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mcabber | 9 | noblacklist ${HOME}/.mcabber |
10 | noblacklist ${HOME}/.mcabberrc | 10 | noblacklist ${HOME}/.mcabberrc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index a36d7d1c1..115444e0f 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Command-line utility for reading information from audio/video files | 2 | # Description: Command-line utility for reading information from audio/video files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mediainfo.local | 5 | include mediainfo.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 58aa9520a..06e140990 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: View streams from German public television stations | 2 | # Description: View streams from German public television stations |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mediathekview.local | 5 | include mediathekview.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpv | 9 | noblacklist ${HOME}/.config/mpv |
10 | noblacklist ${HOME}/.config/smplayer | 10 | noblacklist ${HOME}/.config/smplayer |
@@ -23,13 +23,13 @@ noblacklist /usr/lib/java | |||
23 | noblacklist /etc/java | 23 | noblacklist /etc/java |
24 | noblacklist /usr/share/java | 24 | noblacklist /usr/share/java |
25 | 25 | ||
26 | include /etc/firejail/disable-common.inc | 26 | include disable-common.inc |
27 | include /etc/firejail/disable-devel.inc | 27 | include disable-devel.inc |
28 | include /etc/firejail/disable-interpreters.inc | 28 | include disable-interpreters.inc |
29 | include /etc/firejail/disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
30 | include /etc/firejail/disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | include /etc/firejail/whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
33 | 33 | ||
34 | caps.drop all | 34 | caps.drop all |
35 | netfilter | 35 | netfilter |
diff --git a/etc/meld.profile b/etc/meld.profile index 2c939be1a..2b87094fb 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Graphical tool to diff and merge files | 2 | # Description: Graphical tool to diff and merge files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/meld.local | 5 | include meld.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/meld | 9 | noblacklist ${HOME}/.local/share/meld |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
diff --git a/etc/mencoder.profile b/etc/mencoder.profile index 9306d268e..136412d11 100644 --- a/etc/mencoder.profile +++ b/etc/mencoder.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: Free command line video decoding, encoding and filtering tool | 2 | # Description: Free command line video decoding, encoding and filtering tool |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mencoder.local | 5 | include mencoder.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included profile | 7 | # added by included profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
@@ -25,4 +25,4 @@ shell none | |||
25 | 25 | ||
26 | private-bin mencoder | 26 | private-bin mencoder |
27 | 27 | ||
28 | include /etc/firejail/mplayer.profile | 28 | include mplayer.profile |
diff --git a/etc/midori.profile b/etc/midori.profile index 7c56910a7..6a69f2282 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Lightweight web browser | 2 | # Description: Lightweight web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/midori.local | 5 | include midori.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/midori | 9 | noblacklist ${HOME}/.config/midori |
10 | noblacklist ${HOME}/.local/share/midori | 10 | noblacklist ${HOME}/.local/share/midori |
@@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori | |||
12 | # noblacklist ${HOME}/.local/share/webkitgtk | 12 | # noblacklist ${HOME}/.local/share/webkitgtk |
13 | noblacklist ${HOME}/.pki | 13 | noblacklist ${HOME}/.pki |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.cache/midori | 20 | mkdir ${HOME}/.cache/midori |
21 | mkdir ${HOME}/.config/midori | 21 | mkdir ${HOME}/.config/midori |
@@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori | |||
33 | whitelist ${HOME}/.local/share/webkit | 33 | whitelist ${HOME}/.local/share/webkit |
34 | whitelist ${HOME}/.local/share/webkitgtk | 34 | whitelist ${HOME}/.local/share/webkitgtk |
35 | whitelist ${HOME}/.pki | 35 | whitelist ${HOME}/.pki |
36 | include /etc/firejail/whitelist-common.inc | 36 | include whitelist-common.inc |
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
39 | netfilter | 39 | netfilter |
diff --git a/etc/min.profile b/etc/min.profile index 730053735..3029c2952 100644 --- a/etc/min.profile +++ b/etc/min.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: A faster, smarter web browser. | 2 | # Description: A faster, smarter web browser. |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/min.local | 5 | include min.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Min | 9 | noblacklist ${HOME}/.config/Min |
10 | 10 | ||
11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ${HOME}/.pki | 20 | whitelist ${HOME}/.pki |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | # ipc-namespace | 25 | # ipc-namespace |
diff --git a/etc/minetest.profile b/etc/minetest.profile index 01680c151..17b39f7c6 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Multiplayer infinite-world block sandbox | 2 | # Description: Multiplayer infinite-world block sandbox |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/minetest.local | 5 | include minetest.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.minetest | 9 | noblacklist ${HOME}/.minetest |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.minetest | 17 | mkdir ${HOME}/.minetest |
18 | whitelist ${HOME}/.minetest | 18 | whitelist ${HOME}/.minetest |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index bd3b84449..4500f74a5 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Simple Xfce oriented text editor | 2 | # Description: Simple Xfce oriented text editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mousepad.local | 5 | include mousepad.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Mousepad | 9 | noblacklist ${HOME}/.config/Mousepad |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/mpd.profile b/etc/mpd.profile index dde26db24..4f0977c40 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Music Player Daemon | 2 | # Description: Music Player Daemon |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mpd.local | 5 | include mpd.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpd | 9 | noblacklist ${HOME}/.config/mpd |
10 | noblacklist ${HOME}/.mpd | 10 | noblacklist ${HOME}/.mpd |
11 | noblacklist ${HOME}/.mpdconf | 11 | noblacklist ${HOME}/.mpdconf |
12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 1af2ea3d4..8c0b50eca 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Movie player for Unix-like systems | 2 | # Description: Movie player for Unix-like systems |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mplayer.local | 5 | include mplayer.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mplayer | 9 | noblacklist ${HOME}/.mplayer |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/mpv.profile b/etc/mpv.profile index fcd233195..3d73a8eae 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Video player based on MPlayer/mplayer2 | 2 | # Description: Video player based on MPlayer/mplayer2 |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mpv.local | 5 | include mpv.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpv | 9 | noblacklist ${HOME}/.config/mpv |
10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | apparmor | 29 | apparmor |
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile index 4fb8c6fc1..e103baf19 100644 --- a/etc/ms-excel.profile +++ b/etc/ms-excel.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Excel | 1 | # Firejail profile for Microsoft Office Online - Excel |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-excel.local | 4 | include ms-excel.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-excel-online | 8 | noblacklist ${HOME}/.cache/ms-excel-online |
9 | private-bin ms-excel | 9 | private-bin ms-excel |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-office.profile b/etc/ms-office.profile index d0931da58..6c8cb213f 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for Microsoft Office Online | 1 | # Firejail profile for Microsoft Office Online |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-office.local | 4 | include ms-office.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-office-online | 8 | noblacklist ${HOME}/.cache/ms-office-online |
9 | noblacklist ${HOME}/.jak | 9 | noblacklist ${HOME}/.jak |
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile index 520544ab4..1259d55c8 100644 --- a/etc/ms-onenote.profile +++ b/etc/ms-onenote.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Onenote | 1 | # Firejail profile for Microsoft Office Online - Onenote |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-onenote.local | 4 | include ms-onenote.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-onenote-online | 8 | noblacklist ${HOME}/.cache/ms-onenote-online |
9 | private-bin ms-onenote | 9 | private-bin ms-onenote |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile index e438bbdfc..a9fadc2c1 100644 --- a/etc/ms-outlook.profile +++ b/etc/ms-outlook.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Outlook | 1 | # Firejail profile for Microsoft Office Online - Outlook |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-outlook.local | 4 | include ms-outlook.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-outlook-online | 8 | noblacklist ${HOME}/.cache/ms-outlook-online |
9 | private-bin ms-outlook | 9 | private-bin ms-outlook |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile index 82be095d0..4c096de4e 100644 --- a/etc/ms-powerpoint.profile +++ b/etc/ms-powerpoint.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Powerpoint | 1 | # Firejail profile for Microsoft Office Online - Powerpoint |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-powerpoint.local | 4 | include ms-powerpoint.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-powerpoint-online | 8 | noblacklist ${HOME}/.cache/ms-powerpoint-online |
9 | private-bin ms-powerpoint | 9 | private-bin ms-powerpoint |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile index fa3c4a314..02084d923 100644 --- a/etc/ms-skype.profile +++ b/etc/ms-skype.profile | |||
@@ -1,13 +1,13 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Skype | 1 | # Firejail profile for Microsoft Office Online - Skype |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-skype.local | 4 | include ms-skype.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-skype-online | 8 | noblacklist ${HOME}/.cache/ms-skype-online |
9 | ignore novideo | 9 | ignore novideo |
10 | private-bin ms-skype | 10 | private-bin ms-skype |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include /etc/firejail/ms-office.profile | 13 | include ms-office.profile |
diff --git a/etc/ms-word.profile b/etc/ms-word.profile index fdcab27a7..f21e987d4 100644 --- a/etc/ms-word.profile +++ b/etc/ms-word.profile | |||
@@ -1,12 +1,12 @@ | |||
1 | # Firejail profile for Microsoft Office Online - Word | 1 | # Firejail profile for Microsoft Office Online - Word |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ms-word.local | 4 | include ms-word.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-word-online | 8 | noblacklist ${HOME}/.cache/ms-word-online |
9 | private-bin ms-word | 9 | private-bin ms-word |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include /etc/firejail/ms-office.profile | 12 | include ms-office.profile |
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index b8d590f47..75e6e2804 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for multimc5 | 1 | # Firejail profile for multimc5 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/multimc5.local | 4 | include multimc5.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist ${HOME}/.local/share/multimc | 9 | noblacklist ${HOME}/.local/share/multimc |
@@ -16,17 +16,17 @@ noblacklist /usr/lib/java | |||
16 | noblacklist /etc/java | 16 | noblacklist /etc/java |
17 | noblacklist /usr/share/java | 17 | noblacklist /usr/share/java |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.local/share/multimc | 25 | mkdir ${HOME}/.local/share/multimc |
26 | whitelist ${HOME}/.local/share/multimc | 26 | whitelist ${HOME}/.local/share/multimc |
27 | whitelist ${HOME}/.local/share/multimc5 | 27 | whitelist ${HOME}/.local/share/multimc5 |
28 | whitelist ${HOME}/.multimc5 | 28 | whitelist ${HOME}/.multimc5 |
29 | include /etc/firejail/whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
32 | netfilter | 32 | netfilter |
diff --git a/etc/mumble.profile b/etc/mumble.profile index c5af9aa42..276e77c68 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Low latency encrypted VoIP client | 2 | # Description: Low latency encrypted VoIP client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mumble.local | 5 | include mumble.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Mumble | 9 | noblacklist ${HOME}/.config/Mumble |
10 | noblacklist ${HOME}/.local/share/data/Mumble | 10 | noblacklist ${HOME}/.local/share/data/Mumble |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Mumble | 18 | mkdir ${HOME}/.config/Mumble |
19 | mkdir ${HOME}/.local/share/data/Mumble | 19 | mkdir ${HOME}/.local/share/data/Mumble |
20 | whitelist ${HOME}/.config/Mumble | 20 | whitelist ${HOME}/.config/Mumble |
21 | whitelist ${HOME}/.local/share/data/Mumble | 21 | whitelist ${HOME}/.local/share/data/Mumble |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index fa0d9ae26..011e85c0e 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Lightweight PDF viewer | 2 | # Description: Lightweight PDF viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mupdf.local | 5 | include mupdf.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | machine-id | 21 | machine-id |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index a235c44c8..3798609d2 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Nintendo64 Emulator | 2 | # Description: Nintendo64 Emulator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mupen64plus.local | 5 | include mupen64plus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mupen64plus | 9 | noblacklist ${HOME}/.config/mupen64plus |
10 | noblacklist ${HOME}/.local/share/mupen64plus | 10 | noblacklist ${HOME}/.local/share/mupen64plus |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | # you'll need to manually whitelist ROM files | 18 | # you'll need to manually whitelist ROM files |
19 | mkdir ${HOME}/.config/mupen64plus | 19 | mkdir ${HOME}/.config/mupen64plus |
20 | mkdir ${HOME}/.local/share/mupen64plus | 20 | mkdir ${HOME}/.local/share/mupen64plus |
21 | whitelist ${HOME}/.config/mupen64plus/ | 21 | whitelist ${HOME}/.config/mupen64plus/ |
22 | whitelist ${HOME}/.local/share/mupen64plus/ | 22 | whitelist ${HOME}/.local/share/mupen64plus/ |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | net none | 26 | net none |
diff --git a/etc/musescore.profile b/etc/musescore.profile index 3eb929bd1..5f009c681 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Free music composition and notation software | 2 | # Description: Free music composition and notation software |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/musescore.local | 5 | include musescore.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/MusE | 9 | noblacklist ${HOME}/.config/MusE |
10 | noblacklist ${HOME}/.config/MuseScore | 10 | noblacklist ${HOME}/.config/MuseScore |
@@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore | |||
13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | noblacklist ${MUSIC} | 14 | noblacklist ${MUSIC} |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | include /etc/firejail/disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index 32c9ce1a4..d5fde525e 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for Musixmatch | 1 | # Firejail profile for Musixmatch |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/musixmatch.local | 4 | include musixmatch.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | 8 | noblacklist ${MUSIC} |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | ipc-namespace | 17 | ipc-namespace |
diff --git a/etc/mutt.profile b/etc/mutt.profile index a98518a60..b092f2333 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Text-based mailreader supporting MIME, GPG, PGP and threading | 2 | # Description: Text-based mailreader supporting MIME, GPG, PGP and threading |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/mutt.local | 5 | include mutt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
@@ -32,11 +32,11 @@ noblacklist ${HOME}/mail | |||
32 | noblacklist ${HOME}/postponed | 32 | noblacklist ${HOME}/postponed |
33 | noblacklist ${HOME}/sent | 33 | noblacklist ${HOME}/sent |
34 | 34 | ||
35 | include /etc/firejail/disable-common.inc | 35 | include disable-common.inc |
36 | include /etc/firejail/disable-devel.inc | 36 | include disable-devel.inc |
37 | include /etc/firejail/disable-interpreters.inc | 37 | include disable-interpreters.inc |
38 | include /etc/firejail/disable-passwdmgr.inc | 38 | include disable-passwdmgr.inc |
39 | include /etc/firejail/disable-programs.inc | 39 | include disable-programs.inc |
40 | 40 | ||
41 | caps.drop all | 41 | caps.drop all |
42 | netfilter | 42 | netfilter |
diff --git a/etc/natron.profile b/etc/natron.profile index 76e909f83..790fe437d 100644 --- a/etc/natron.profile +++ b/etc/natron.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for natron | 1 | # Firejail profile for natron |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/natron.local | 4 | include natron.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Allow access to python | 8 | # Allow access to python |
9 | noblacklist ${PATH}/python2* | 9 | noblacklist ${PATH}/python2* |
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron | |||
16 | noblacklist ${HOME}/.config/INRIA | 16 | noblacklist ${HOME}/.config/INRIA |
17 | noblacklist /opt/natron | 17 | noblacklist /opt/natron |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | net none | 26 | net none |
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 1809a6b3c..13fe9a9e1 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File manager and graphical shell for GNOME | 2 | # Description: File manager and graphical shell for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/nautilus.local | 5 | include nautilus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 9 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
10 | # is already a nautilus process running on gnome desktops firejail will have no effect. | 10 | # is already a nautilus process running on gnome desktops firejail will have no effect. |
@@ -20,11 +20,11 @@ noblacklist ${PATH}/python3* | |||
20 | noblacklist /usr/lib/python2* | 20 | noblacklist /usr/lib/python2* |
21 | noblacklist /usr/lib/python3* | 21 | noblacklist /usr/lib/python3* |
22 | 22 | ||
23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
27 | # include /etc/firejail/disable-programs.inc | 27 | # include disable-programs.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
diff --git a/etc/ncdu.profile b/etc/ncdu.profile index 7ce53c490..ac0fd19b2 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Ncurses disk usage viewer | 2 | # Description: Ncurses disk usage viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ncdu.local | 5 | include ncdu.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | ipc-namespace | 10 | ipc-namespace |
diff --git a/etc/nemo.profile b/etc/nemo.profile index 98e4ba1bd..8da094015 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File manager and graphical shell for Cinnamon | 2 | # Description: File manager and graphical shell for Cinnamon |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/nemo.local | 5 | include nemo.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/nemo | 9 | noblacklist ${HOME}/.config/nemo |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
@@ -17,10 +17,10 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index cb38d9de0..0ddb7bbbe 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: Lightweight and fast web browser | 2 | # Description: Lightweight and fast web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/netsurf.local | 5 | include netsurf.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/netsurf | 9 | noblacklist ${HOME}/.cache/netsurf |
10 | noblacklist ${HOME}/.config/netsurf | 10 | noblacklist ${HOME}/.config/netsurf |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.cache/netsurf | 17 | mkdir ${HOME}/.cache/netsurf |
18 | mkdir ${HOME}/.config/netsurf | 18 | mkdir ${HOME}/.config/netsurf |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ${HOME}/.cache/netsurf | 20 | whitelist ${HOME}/.cache/netsurf |
21 | whitelist ${HOME}/.config/netsurf | 21 | whitelist ${HOME}/.config/netsurf |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/neverball.profile b/etc/neverball.profile index 53002cdf6..34493485a 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: 3D floor-tilting game | 2 | # Description: 3D floor-tilting game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/neverball.local | 5 | include neverball.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.neverball | 9 | noblacklist ${HOME}/.neverball |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.neverball | 17 | mkdir ${HOME}/.neverball |
18 | whitelist ${HOME}/.neverball | 18 | whitelist ${HOME}/.neverball |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
diff --git a/etc/nheko.profile b/etc/nheko.profile index f216a9fa5..ea99b2f5a 100644 --- a/etc/nheko.profile +++ b/etc/nheko.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Desktop IM client for the Matrix protocol | 2 | # Description: Desktop IM client for the Matrix protocol |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/nheko.local | 5 | include nheko.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/nheko | 9 | noblacklist ${HOME}/.config/nheko |
10 | noblacklist ${HOME}/.cache/nheko/nheko | 10 | noblacklist ${HOME}/.cache/nheko/nheko |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/nheko | 18 | mkdir ${HOME}/.config/nheko |
19 | mkdir ${HOME}/.cache/nheko/nheko | 19 | mkdir ${HOME}/.cache/nheko/nheko |
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko | |||
22 | whitelist ${HOME}/.cache/nheko/nheko | 22 | whitelist ${HOME}/.cache/nheko/nheko |
23 | whitelist ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | 24 | ||
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-cli.profile +++ b/etc/nitroshare-cli.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-nmh.profile +++ b/etc/nitroshare-nmh.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-send.profile +++ b/etc/nitroshare-send.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-ui.profile +++ b/etc/nitroshare-ui.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/nitroshare.profile | 7 | include nitroshare.profile |
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index f02599ac6..67c651429 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/nitroshare.local | 5 | include nitroshare.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Nathan Osman | 9 | noblacklist ${HOME}/.config/Nathan Osman |
10 | noblacklist ${HOME}/.config/NitroShare | 10 | noblacklist ${HOME}/.config/NitroShare |
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/nylas.profile b/etc/nylas.profile index 79e535893..263e09198 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for nylas | 1 | # Firejail profile for nylas |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/nylas.local | 4 | include nylas.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Nylas Mail | 8 | noblacklist ${HOME}/.config/Nylas Mail |
9 | noblacklist ${HOME}/.nylas-mail | 9 | noblacklist ${HOME}/.nylas-mail |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.config/Nylas Mail | 18 | whitelist ${HOME}/.config/Nylas Mail |
19 | whitelist ${HOME}/.nylas-mail | 19 | whitelist ${HOME}/.nylas-mail |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/obs.profile b/etc/obs.profile index 904ece191..87afdc222 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for obs | 1 | # Firejail profile for obs |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/obs.local | 4 | include obs.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/obs-studio | 8 | noblacklist ${HOME}/.config/obs-studio |
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | nodvd | 29 | nodvd |
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 5779ac771..3a1369b83 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Simple converter from OpenDocument Text to plain text | 2 | # Description: Simple converter from OpenDocument Text to plain text |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/odt2txt.local | 5 | include odt2txt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | net none | 21 | net none |
diff --git a/etc/okular.profile b/etc/okular.profile index 169f024aa..0192a1d3d 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Universal document viewer | 2 | # Description: Universal document viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/okular.local | 5 | include okular.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/okular | 9 | noblacklist ${HOME}/.cache/okular |
10 | noblacklist ${HOME}/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
@@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc | |||
18 | noblacklist ${HOME}/.local/share/okular | 18 | noblacklist ${HOME}/.local/share/okular |
19 | noblacklist ${DOCUMENTS} | 19 | noblacklist ${DOCUMENTS} |
20 | 20 | ||
21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
26 | include /etc/firejail/disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
30 | apparmor | 30 | apparmor |
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 3d87d7770..1955901b0 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for onionshare-gui | 1 | # Firejail profile for onionshare-gui |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/onionshare-gui.local | 4 | include onionshare-gui.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/onionshare | 8 | noblacklist ${HOME}/.config/onionshare |
9 | 9 | ||
@@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare | |||
11 | noblacklist ${PATH}/python3* | 11 | noblacklist ${PATH}/python3* |
12 | noblacklist /usr/lib/python3* | 12 | noblacklist /usr/lib/python3* |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 72b1fec65..108398104 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Space Invaders clone | 2 | # Description: Space Invaders clone |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/open-invaders.local | 5 | include open-invaders.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openinvaders | 9 | noblacklist ${HOME}/.openinvaders |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.openinvaders | 17 | mkdir ${HOME}/.openinvaders |
18 | whitelist ${HOME}/.openinvaders | 18 | whitelist ${HOME}/.openinvaders |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/openbox.profile b/etc/openbox.profile index 1540b71bd..1fb93c79c 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile | |||
@@ -2,13 +2,13 @@ | |||
2 | # Description: Standards-compliant, fast, light-weight and extensible window manager | 2 | # Description: Standards-compliant, fast, light-weight and extensible window manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/openbox.local | 5 | include openbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in OpenBox will run in this profile | 9 | # all applications started in OpenBox will run in this profile |
10 | noblacklist ${HOME}/.config/openbox | 10 | noblacklist ${HOME}/.config/openbox |
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index cbd1f8fe8..b86073b41 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/openshot.profile | 6 | include openshot.profile |
diff --git a/etc/openshot.profile b/etc/openshot.profile index d335e31ff..e383ecf06 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Create and edit videos and movies | 2 | # Description: Create and edit videos and movies |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/openshot.local | 5 | include openshot.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openshot | 9 | noblacklist ${HOME}/.openshot |
10 | noblacklist ${HOME}/.openshot_qt | 10 | noblacklist ${HOME}/.openshot_qt |
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | apparmor | 26 | apparmor |
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 38a3152d2..8658d30c6 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for opera-beta | 1 | # Firejail profile for opera-beta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/opera-beta.local | 4 | include opera-beta.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/opera | 8 | noblacklist ${HOME}/.cache/opera |
9 | noblacklist ${HOME}/.config/opera-beta | 9 | noblacklist ${HOME}/.config/opera-beta |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera | |||
14 | whitelist ${HOME}/.config/opera-beta | 14 | whitelist ${HOME}/.config/opera-beta |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/opera.profile b/etc/opera.profile index 294041c24..b342b3961 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: A fast and secure web browser | 2 | # Description: A fast and secure web browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/opera.local | 5 | include opera.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/opera | 9 | noblacklist ${HOME}/.cache/opera |
10 | noblacklist ${HOME}/.config/opera | 10 | noblacklist ${HOME}/.config/opera |
@@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera | |||
18 | whitelist ${HOME}/.opera | 18 | whitelist ${HOME}/.opera |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include /etc/firejail/chromium-common.profile | 21 | include chromium-common.profile |
diff --git a/etc/orage.profile b/etc/orage.profile index b8ae71524..29b8ef749 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Calendar for Xfce Desktop Environment | 2 | # Description: Calendar for Xfce Desktop Environment |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/orage.local | 5 | include orage.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/orage | 9 | noblacklist ${HOME}/.config/orage |
10 | noblacklist ${HOME}/.local/share/orage | 10 | noblacklist ${HOME}/.local/share/orage |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/p7zip.profile b/etc/p7zip.profile index f8b2d6f1a..644292f2b 100644 --- a/etc/p7zip.profile +++ b/etc/p7zip.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # Description: 7zr file archiver with high compression ratio | 2 | # Description: 7zr file archiver with high compression ratio |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/p7zip.local | 5 | include p7zip.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included profile | 7 | # added by included profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include /etc/firejail/7z.profile | 11 | include 7z.profile |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 1104acff4..11464e6cf 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for palemoon | 1 | # Firejail profile for palemoon |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/palemoon.local | 4 | include palemoon.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon | 8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon |
9 | noblacklist ${HOME}/.moonchild productions/pale moon | 9 | noblacklist ${HOME}/.moonchild productions/pale moon |
@@ -23,4 +23,4 @@ seccomp | |||
23 | #private-opt palemoon | 23 | #private-opt palemoon |
24 | 24 | ||
25 | # Redirect | 25 | # Redirect |
26 | include /etc/firejail/firefox-common.profile | 26 | include firefox-common.profile |
diff --git a/etc/parole.profile b/etc/parole.profile index 00e1466b4..9ad59d2e6 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Media player based on GStreamer framework | 2 | # Description: Media player based on GStreamer framework |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/parole.local | 5 | include parole.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | noblacklist ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/patch.profile b/etc/patch.profile index a918c3604..26542e229 100644 --- a/etc/patch.profile +++ b/etc/patch.profile | |||
@@ -3,19 +3,19 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/patch.local | 6 | include patch.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index c7e449166..0c1e95e63 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Extremely fast and lightweight file manager | 2 | # Description: Extremely fast and lightweight file manager |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pcmanfm.local | 5 | include pcmanfm.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/Trash | 9 | noblacklist ${HOME}/.local/share/Trash |
10 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below | 10 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below |
11 | # noblacklist ${HOME}/.config/pcmanfm | 11 | # noblacklist ${HOME}/.config/pcmanfm |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | # include /etc/firejail/disable-programs.inc | 17 | # include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | # net none - see issue #1467, computer:/// location broken | 20 | # net none - see issue #1467, computer:/// location broken |
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index 8fe14e98f..f0db20b74 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile | |||
@@ -1,20 +1,20 @@ | |||
1 | # Firejail profile for pdfchain | 1 | # Firejail profile for pdfchain |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pdfchain.local | 4 | include pdfchain.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index ceb36ed57..3b6116c85 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Simple tool for modifying PDF documents | 2 | # Description: Simple tool for modifying PDF documents |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pdfmod.local | 5 | include pdfmod.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/pdfmod | 9 | noblacklist ${HOME}/.cache/pdfmod |
10 | noblacklist ${HOME}/.config/pdfmod | 10 | noblacklist ${HOME}/.config/pdfmod |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 585e1b164..4eed98e88 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: PDF Split and Merge | 2 | # Description: PDF Split and Merge |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pdfsam.local | 5 | include pdfsam.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
@@ -15,12 +15,12 @@ noblacklist /usr/lib/java | |||
15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | machine-id | 26 | machine-id |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 9f7c3c0fe..6b2b0fba5 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for pdftotext | 1 | # Firejail profile for pdftotext |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pdftotext.local | 4 | include pdftotext.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | machine-id | 22 | machine-id |
diff --git a/etc/peek.profile b/etc/peek.profile index 3895281b3..06e7b3e62 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -1,20 +1,20 @@ | |||
1 | # Firejail profile for peek | 1 | # Firejail profile for peek |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/peek.local | 4 | include peek.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/peek | 8 | noblacklist ${HOME}/.cache/peek |
9 | noblacklist ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | noblacklist ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
diff --git a/etc/picard.profile b/etc/picard.profile index ba1d0d9c8..dc13d7d6e 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Next-Generation MusicBrainz audio files tagger | 2 | # Description: Next-Generation MusicBrainz audio files tagger |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/picard.local | 5 | include picard.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/MusicBrainz | 9 | noblacklist ${HOME}/.cache/MusicBrainz |
10 | noblacklist ${HOME}/.config/MusicBrainz | 10 | noblacklist ${HOME}/.config/MusicBrainz |
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | no3d | 29 | no3d |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 7ecac2ccc..91a204557 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Graphical multi-protocol instant messaging client | 2 | # Description: Graphical multi-protocol instant messaging client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pidgin.local | 5 | include pidgin.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.purple | 9 | noblacklist ${HOME}/.purple |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/ping.profile b/etc/ping.profile index 2cde2a3e8..bdd29c1a1 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ping.local | 5 | include ping.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
15 | include /etc/firejail/whitelist-common.inc | 15 | include whitelist-common.inc |
16 | 16 | ||
17 | caps.keep net_raw | 17 | caps.keep net_raw |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/pingus.profile b/etc/pingus.profile index ab75eb27f..f071e664f 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Free Lemmings(TM) clone | 2 | # Description: Free Lemmings(TM) clone |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pingus.local | 5 | include pingus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.pingus | 9 | noblacklist ${HOME}/.pingus |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.pingus | 17 | mkdir ${HOME}/.pingus |
18 | whitelist ${HOME}/.pingus | 18 | whitelist ${HOME}/.pingus |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/pinta.profile b/etc/pinta.profile index 35dcdccd6..3dfe3cc1b 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Simple drawing/painting program | 2 | # Description: Simple drawing/painting program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pinta.local | 5 | include pinta.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Pinta | 9 | noblacklist ${HOME}/.config/Pinta |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
diff --git a/etc/pithos.profile b/etc/pithos.profile index ef3b473b7..b201dcfea 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Pandora Radio client for the GNOME desktop | 2 | # Description: Pandora Radio client for the GNOME desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pithos.local | 5 | include pithos.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
@@ -12,15 +12,15 @@ noblacklist ${PATH}/python3* | |||
12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 62e821509..5bd6fd357 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Non-linear audio/video editor using GStreamer | 2 | # Description: Non-linear audio/video editor using GStreamer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pitivi.local | 5 | include pitivi.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.config/pitivi | 10 | noblacklist ${HOME}/.config/pitivi |
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/pix.profile b/etc/pix.profile index d48f2fdc1..9864ed718 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
@@ -1,20 +1,20 @@ | |||
1 | # Firejail profile for pix | 1 | # Firejail profile for pix |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pix.local | 4 | include pix.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/pix | 8 | noblacklist ${HOME}/.config/pix |
9 | noblacklist ${HOME}/.local/share/pix | 9 | noblacklist ${HOME}/.local/share/pix |
10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | nodvd | 20 | nodvd |
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 119baf6b5..707c75cec 100644 --- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Front-end for Wine | 2 | # Description: Front-end for Wine |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/playonlinux.local | 5 | include playonlinux.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ${HOME}/.local/share/Steam | 10 | noblacklist ${HOME}/.local/share/Steam |
@@ -22,11 +22,11 @@ noblacklist ${PATH}/perl | |||
22 | noblacklist /usr/lib/perl* | 22 | noblacklist /usr/lib/perl* |
23 | noblacklist /usr/share/perl* | 23 | noblacklist /usr/share/perl* |
24 | 24 | ||
25 | include /etc/firejail/disable-common.inc | 25 | include disable-common.inc |
26 | # playonlinux uses perl | 26 | # playonlinux uses perl |
27 | include /etc/firejail/disable-devel.inc | 27 | include disable-devel.inc |
28 | include /etc/firejail/disable-interpreters.inc | 28 | include disable-interpreters.inc |
29 | include /etc/firejail/disable-programs.inc | 29 | include disable-programs.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
32 | netfilter | 32 | netfilter |
diff --git a/etc/pluma.profile b/etc/pluma.profile index 3b6db6ea0..35b141c1a 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Official text editor of the MATE desktop environment | 2 | # Description: Official text editor of the MATE desktop environment |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/pluma.local | 5 | include pluma.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/pluma | 9 | noblacklist ${HOME}/.config/pluma |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include /etc/firejail/whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | # apparmor - makes settings immutable | 19 | # apparmor - makes settings immutable |
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/polari.profile b/etc/polari.profile index 27a75ac65..5fa717cb3 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: Internet Relay Chat (IRC) client | 2 | # Description: Internet Relay Chat (IRC) client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/polari.local | 5 | include polari.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.cache/telepathy | 15 | mkdir ${HOME}/.cache/telepathy |
16 | mkdir ${HOME}/.config/telepathy-account-widgets | 16 | mkdir ${HOME}/.config/telepathy-account-widgets |
@@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy | |||
24 | whitelist ${HOME}/.local/share/TpLogger | 24 | whitelist ${HOME}/.local/share/TpLogger |
25 | whitelist ${HOME}/.local/share/telepathy | 25 | whitelist ${HOME}/.local/share/telepathy |
26 | whitelist ${HOME}/.purple | 26 | whitelist ${HOME}/.purple |
27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 8fcc19e65..fc37e6fd2 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: A PSP emulator written in C++ | 2 | # Description: A PSP emulator written in C++ |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ppsspp.local | 5 | include ppsspp.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ppsspp | 9 | noblacklist ${HOME}/.config/ppsspp |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | # with >=llvm-4 mesa drivers need llvm stuff | 11 | # with >=llvm-4 mesa drivers need llvm stuff |
12 | noblacklist /usr/lib/llvm* | 12 | noblacklist /usr/lib/llvm* |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 9a96f15e6..7ec789440 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Qt-based XMPP/Jabber client | 2 | # Description: Qt-based XMPP/Jabber client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/psi-plus.local | 5 | include psi-plus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/psi+ | 9 | noblacklist ${HOME}/.config/psi+ |
10 | noblacklist ${HOME}/.local/share/psi+ | 10 | noblacklist ${HOME}/.local/share/psi+ |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/psi+ | 18 | mkdir ${HOME}/.cache/psi+ |
19 | mkdir ${HOME}/.config/psi+ | 19 | mkdir ${HOME}/.config/psi+ |
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} | |||
22 | whitelist ${HOME}/.cache/psi+ | 22 | whitelist ${HOME}/.cache/psi+ |
23 | whitelist ${HOME}/.config/psi+ | 23 | whitelist ${HOME}/.config/psi+ |
24 | whitelist ${HOME}/.local/share/psi+ | 24 | whitelist ${HOME}/.local/share/psi+ |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index fcb979d93..eea0d9e9f 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for pybitmessage | 1 | # Firejail profile for pybitmessage |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pybitmessage.local | 4 | include pybitmessage.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist /sbin | 8 | noblacklist /sbin |
9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | ipc-namespace | 27 | ipc-namespace |
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 14bfc7e24..32fdc750f 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for pycharm-community | 1 | # Firejail profile for pycharm-community |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pycharm-community.local | 4 | include pycharm-community.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/snap | 8 | noblacklist ${HOME}/snap |
9 | noblacklist ${HOME}/.PyCharmCE* | 9 | noblacklist ${HOME}/.PyCharmCE* |
@@ -15,10 +15,10 @@ noblacklist /usr/lib/java | |||
15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | machine-id | 24 | machine-id |
diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile index b28082dc4..a14d0268b 100644 --- a/etc/pycharm-professional.profile +++ b/etc/pycharm-professional.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | noblacklist ${HOME}/.PyCharm* | 4 | noblacklist ${HOME}/.PyCharm* |
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/pycharm-community.profile | 7 | include pycharm-community.profile |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 9f96c321f..b6b94c703 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI | 2 | # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qbittorrent.local | 5 | include qbittorrent.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/qBittorrent | 9 | noblacklist ${HOME}/.cache/qBittorrent |
10 | noblacklist ${HOME}/.config/qBittorrent | 10 | noblacklist ${HOME}/.config/qBittorrent |
@@ -17,11 +17,11 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | 25 | ||
26 | mkdir ${HOME}/.cache/qBittorrent | 26 | mkdir ${HOME}/.cache/qBittorrent |
27 | mkdir ${HOME}/.config/qBittorrent | 27 | mkdir ${HOME}/.config/qBittorrent |
@@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent | |||
31 | whitelist ${HOME}/.config/qBittorrent | 31 | whitelist ${HOME}/.config/qBittorrent |
32 | whitelist ${HOME}/.config/qBittorrentrc | 32 | whitelist ${HOME}/.config/qBittorrentrc |
33 | whitelist ${HOME}/.local/share/data/qBittorrent | 33 | whitelist ${HOME}/.local/share/data/qBittorrent |
34 | include /etc/firejail/whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include /etc/firejail/whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
37 | apparmor | 37 | apparmor |
38 | caps.drop all | 38 | caps.drop all |
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 263c71535..ac60384fd 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
@@ -1,15 +1,15 @@ | |||
1 | # Firejail profile for qemu-launcher | 1 | # Firejail profile for qemu-launcher |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/qemu-launcher.local | 4 | include qemu-launcher.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.qemu-launcher | 8 | noblacklist ${HOME}/.qemu-launcher |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 3ab25e92e..1399328d3 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile | |||
@@ -1,14 +1,14 @@ | |||
1 | # Firejail profile for qemu-system-x86_64 | 1 | # Firejail profile for qemu-system-x86_64 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/qemu-system-x86_64.local | 4 | include qemu-system-x86_64.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 74c966a44..ec0b6c64d 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Lightweight and cross-platform clipboard history applet | 2 | # Description: Lightweight and cross-platform clipboard history applet |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qlipper.local | 5 | include qlipper.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Qlipper | 9 | noblacklist ${HOME}/.config/Qlipper |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/qmmp.profile b/etc/qmmp.profile index 86b802760..66c27a585 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Feature-rich audio player with support of many formats | 2 | # Description: Feature-rich audio player with support of many formats |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qmmp.local | 5 | include qmmp.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.qmmp | 9 | noblacklist ${HOME}/.qmmp |
10 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index b10ea5bc6..06598c769 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Tabbed document viewer | 2 | # Description: Tabbed document viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qpdfview.local | 5 | include qpdfview.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/qpdfview | 9 | noblacklist ${HOME}/.config/qpdfview |
10 | noblacklist ${HOME}/.local/share/qpdfview | 10 | noblacklist ${HOME}/.local/share/qpdfview |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | machine-id | 23 | machine-id |
diff --git a/etc/qtox.profile b/etc/qtox.profile index 8c625ce31..450e005f7 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines | 2 | # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qtox.local | 5 | include qtox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/tox | 9 | noblacklist ${HOME}/.config/tox |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/tox | 17 | mkdir ${HOME}/.config/tox |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ${HOME}/.config/tox | 19 | whitelist ${HOME}/.config/tox |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 69c6aa61b..a78d1edcd 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: Distributed IRC client | 2 | # Description: Distributed IRC client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/quassel.local | 5 | include quassel.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 3cb4c9a0d..ce0816114 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: RSS/Atom news feeds reader | 2 | # Description: RSS/Atom news feeds reader |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/quiterss.local | 5 | include quiterss.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/QuiteRss | 9 | noblacklist ${HOME}/.cache/QuiteRss |
10 | noblacklist ${HOME}/.config/QuiteRss | 10 | noblacklist ${HOME}/.config/QuiteRss |
11 | noblacklist ${HOME}/.config/QuiteRssrc | 11 | noblacklist ${HOME}/.config/QuiteRssrc |
12 | noblacklist ${HOME}/.local/share/QuiteRss | 12 | noblacklist ${HOME}/.local/share/QuiteRss |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.cache/QuiteRss | 20 | mkdir ${HOME}/.cache/QuiteRss |
21 | mkdir ${HOME}/.config/QuiteRss | 21 | mkdir ${HOME}/.config/QuiteRss |
@@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc | |||
27 | whitelist ${HOME}/.local/share/data/QuiteRss | 27 | whitelist ${HOME}/.local/share/data/QuiteRss |
28 | whitelist ${HOME}/.local/share/QuiteRss | 28 | whitelist ${HOME}/.local/share/QuiteRss |
29 | whitelist ${HOME}/quiterssfeeds.opml | 29 | whitelist ${HOME}/quiterssfeeds.opml |
30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
33 | netfilter | 33 | netfilter |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index d1d1a1054..efee6ce84 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -1,24 +1,24 @@ | |||
1 | # Firejail profile for qupzilla | 1 | # Firejail profile for qupzilla |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/qupzilla.local | 4 | include qupzilla.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/qupzilla | 8 | noblacklist ${HOME}/.cache/qupzilla |
9 | noblacklist ${HOME}/.config/qupzilla | 9 | noblacklist ${HOME}/.config/qupzilla |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.cache/qupzilla | 18 | whitelist ${HOME}/.cache/qupzilla |
19 | whitelist ${HOME}/.config/qupzilla | 19 | whitelist ${HOME}/.config/qupzilla |
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index d4d8e3b97..ac9f9bfd9 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Keyboard-driven, vim-like browser based on PyQt5 | 2 | # Description: Keyboard-driven, vim-like browser based on PyQt5 |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/qutebrowser.local | 5 | include qutebrowser.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/qutebrowser | 9 | noblacklist ${HOME}/.cache/qutebrowser |
10 | noblacklist ${HOME}/.config/qutebrowser | 10 | noblacklist ${HOME}/.config/qutebrowser |
@@ -19,10 +19,10 @@ noblacklist /usr/lib/python3* | |||
19 | # with >=llvm-4 mesa drivers need llvm stuff | 19 | # with >=llvm-4 mesa drivers need llvm stuff |
20 | noblacklist /usr/lib/llvm* | 20 | noblacklist /usr/lib/llvm* |
21 | 21 | ||
22 | include /etc/firejail/disable-common.inc | 22 | include disable-common.inc |
23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
26 | 26 | ||
27 | mkdir ${HOME}/.cache/qutebrowser | 27 | mkdir ${HOME}/.cache/qutebrowser |
28 | mkdir ${HOME}/.config/qutebrowser | 28 | mkdir ${HOME}/.config/qutebrowser |
@@ -31,7 +31,7 @@ whitelist ${DOWNLOADS} | |||
31 | whitelist ${HOME}/.cache/qutebrowser | 31 | whitelist ${HOME}/.cache/qutebrowser |
32 | whitelist ${HOME}/.config/qutebrowser | 32 | whitelist ${HOME}/.config/qutebrowser |
33 | whitelist ${HOME}/.local/share/qutebrowser | 33 | whitelist ${HOME}/.local/share/qutebrowser |
34 | include /etc/firejail/whitelist-common.inc | 34 | include whitelist-common.inc |
35 | 35 | ||
36 | caps.drop all | 36 | caps.drop all |
37 | netfilter | 37 | netfilter |
diff --git a/etc/rambox.profile b/etc/rambox.profile index afe9b41e7..6c65f869b 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
@@ -1,24 +1,24 @@ | |||
1 | # Firejail profile for rambox | 1 | # Firejail profile for rambox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/rambox.local | 4 | include rambox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Rambox | 8 | noblacklist ${HOME}/.config/Rambox |
9 | noblacklist ${HOME}/.pki | 9 | noblacklist ${HOME}/.pki |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Rambox | 16 | mkdir ${HOME}/.config/Rambox |
17 | mkdir ${HOME}/.pki | 17 | mkdir ${HOME}/.pki |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ${HOME}/.config/Rambox | 19 | whitelist ${HOME}/.config/Rambox |
20 | whitelist ${HOME}/.pki | 20 | whitelist ${HOME}/.pki |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
diff --git a/etc/ranger.profile b/etc/ranger.profile index c5eb0b60d..f582b8dfb 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: File manager with an ncurses frontend written in Python | 2 | # Description: File manager with an ncurses frontend written in Python |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ranger.local | 5 | include ranger.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ranger | 9 | noblacklist ${HOME}/.config/ranger |
10 | 10 | ||
@@ -20,11 +20,11 @@ noblacklist ${PATH}/perl | |||
20 | noblacklist /usr/lib/perl* | 20 | noblacklist /usr/lib/perl* |
21 | noblacklist /usr/share/perl* | 21 | noblacklist /usr/share/perl* |
22 | 22 | ||
23 | include /etc/firejail/disable-common.inc | 23 | include disable-common.inc |
24 | include /etc/firejail/disable-devel.inc | 24 | include disable-devel.inc |
25 | include /etc/firejail/disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include /etc/firejail/disable-passwdmgr.inc | 26 | include disable-passwdmgr.inc |
27 | include /etc/firejail/disable-programs.inc | 27 | include disable-programs.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | net none | 30 | net none |
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index aed69ea17..278514538 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: Free, casual arena shooter | 2 | # Description: Free, casual arena shooter |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/redeclipse.local | 5 | include redeclipse.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.redeclipse | 9 | noblacklist ${HOME}/.redeclipse |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.redeclipse | 17 | mkdir ${HOME}/.redeclipse |
18 | whitelist ${HOME}/.redeclipse | 18 | whitelist ${HOME}/.redeclipse |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/remmina.profile b/etc/remmina.profile index 29e7fbd35..888f3819f 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: GTK+ Remote Desktop Client | 2 | # Description: GTK+ Remote Desktop Client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/remmina.local | 5 | include remmina.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.remmina | 9 | noblacklist ${HOME}/.remmina |
10 | noblacklist ${HOME}/.config/remmina | 10 | noblacklist ${HOME}/.config/remmina |
11 | noblacklist ${HOME}/.local/share/remmina | 11 | noblacklist ${HOME}/.local/share/remmina |
12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | nodvd | 24 | nodvd |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 50d98d427..f9b7115ac 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Music player and organizer for GNOME | 2 | # Description: Music player and organizer for GNOME |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/rhythmbox.local | 5 | include rhythmbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | # rhythmbox is using Python | 13 | # rhythmbox is using Python |
14 | #include /etc/firejail/disable-interpreters.inc | 14 | #include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/ricochet.profile b/etc/ricochet.profile index f4c1ad7af..cbdc28cf6 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for ricochet | 1 | # Firejail profile for ricochet |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/ricochet.local | 4 | include ricochet.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/Ricochet | 9 | noblacklist ${HOME}/.local/share/Ricochet |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.local/share/Ricochet | 18 | whitelist ${HOME}/.local/share/Ricochet |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile index cc8b68ebb..fececd850 100644 --- a/etc/riot-desktop.profile +++ b/etc/riot-desktop.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: A glossy Matrix collaboration client for the desktop | 2 | # Description: A glossy Matrix collaboration client for the desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/riot-desktop.local | 5 | include riot-desktop.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/riot-web.profile | 10 | include riot-web.profile |
diff --git a/etc/riot-web.profile b/etc/riot-web.profile index 5379223c5..c9f597626 100644 --- a/etc/riot-web.profile +++ b/etc/riot-web.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: A glossy Matrix collaboration client for the web | 2 | # Description: A glossy Matrix collaboration client for the web |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/riot-web.local | 5 | include riot-web.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Riot | 9 | noblacklist ${HOME}/.config/Riot |
10 | 10 | ||
11 | mkdir ${HOME}/.config/Riot | 11 | mkdir ${HOME}/.config/Riot |
12 | whitelist ${HOME}/.config/Riot | 12 | whitelist ${HOME}/.config/Riot |
13 | include /etc/firejail/whitelist-common.inc | 13 | include whitelist-common.inc |
14 | 14 | ||
15 | # Redirect | 15 | # Redirect |
16 | include /etc/firejail/electron.profile | 16 | include electron.profile |
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index ab7564c82..e6b22b914 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Lightweight picture-viewer for the Xfce desktop environment | 2 | # Description: Lightweight picture-viewer for the Xfce desktop environment |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ristretto.local | 5 | include ristretto.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ristretto | 9 | noblacklist ${HOME}/.config/ristretto |
10 | noblacklist ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile index da92cd938..c95bc3c3d 100644 --- a/etc/rocketchat.profile +++ b/etc/rocketchat.profile | |||
@@ -1,14 +1,14 @@ | |||
1 | # Firejail profile for rocketchat | 1 | # Firejail profile for rocketchat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/rocketchat.local | 4 | include rocketchat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Rocket.Chat | 8 | noblacklist ${HOME}/.config/Rocket.Chat |
9 | 9 | ||
10 | whitelist ${HOME}/.config/Rocket.Chat | 10 | whitelist ${HOME}/.config/Rocket.Chat |
11 | include /etc/firejail/whitelist-common.inc | 11 | include whitelist-common.inc |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include /etc/firejail/electron.profile | 14 | include electron.profile |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index a259bcfa8..0b4d6e1b1 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa | 2 | # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/rtorrent.local | 5 | include rtorrent.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | machine-id | 17 | machine-id |
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile index 05ffbfe20..794c38d6e 100644 --- a/etc/runenpass.sh.profile +++ b/etc/runenpass.sh.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/enpass.profile | 6 | include enpass.profile |
diff --git a/etc/rview.profile b/etc/rview.profile index 90481b019..b3a6bfbdc 100644 --- a/etc/rview.profile +++ b/etc/rview.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for rview | 1 | # Firejail profile for rview |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/rview.local | 4 | include rview.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/rvim.profile b/etc/rvim.profile index 1070e9376..5481dfe43 100644 --- a/etc/rvim.profile +++ b/etc/rvim.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for rvim | 1 | # Firejail profile for rvim |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/rvim.local | 4 | include rvim.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 09b909a33..ce86c80f9 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for sayonara player | 1 | # Firejail profile for sayonara player |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/sayonara.local | 4 | include sayonara.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Sayonara | 8 | noblacklist ${HOME}/.Sayonara |
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/scallion.profile b/etc/scallion.profile index c046dc7a1..b4d0ef240 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/scallion.local | 5 | include scallion.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | noblacklist /usr/lib/llvm* | 10 | noblacklist /usr/lib/llvm* |
@@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl | |||
12 | noblacklist ${PATH}/openssl-1.0 | 12 | noblacklist ${PATH}/openssl-1.0 |
13 | noblacklist ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/scribus.profile b/etc/scribus.profile index 123251432..a8e510b8a 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Open Source Desktop Page Layout | 2 | # Description: Open Source Desktop Page Layout |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/scribus.local | 5 | include scribus.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Support for PDF readers comes with Scribus 1.5 and higher | 9 | # Support for PDF readers comes with Scribus 1.5 and higher |
10 | noblacklist ${HOME}/.cache/okular | 10 | noblacklist ${HOME}/.cache/okular |
@@ -32,14 +32,14 @@ noblacklist ${PATH}/python3* | |||
32 | noblacklist /usr/lib/python2* | 32 | noblacklist /usr/lib/python2* |
33 | noblacklist /usr/lib/python3* | 33 | noblacklist /usr/lib/python3* |
34 | 34 | ||
35 | include /etc/firejail/disable-common.inc | 35 | include disable-common.inc |
36 | include /etc/firejail/disable-devel.inc | 36 | include disable-devel.inc |
37 | include /etc/firejail/disable-interpreters.inc | 37 | include disable-interpreters.inc |
38 | include /etc/firejail/disable-passwdmgr.inc | 38 | include disable-passwdmgr.inc |
39 | include /etc/firejail/disable-programs.inc | 39 | include disable-programs.inc |
40 | include /etc/firejail/disable-xdg.inc | 40 | include disable-xdg.inc |
41 | 41 | ||
42 | include /etc/firejail/whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
43 | 43 | ||
44 | caps.drop all | 44 | caps.drop all |
45 | net none | 45 | net none |
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index ad3d0acf2..01a056767 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/sdat2img.local | 5 | include sdat2img.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Allow python (blacklisted by disable-interpreters.inc) | 9 | # Allow python (blacklisted by disable-interpreters.inc) |
10 | noblacklist ${PATH}/python2* | 10 | noblacklist ${PATH}/python2* |
@@ -12,14 +12,14 @@ noblacklist ${PATH}/python3* | |||
12 | noblacklist /usr/lib/python2* | 12 | noblacklist /usr/lib/python2* |
13 | noblacklist /usr/lib/python3* | 13 | noblacklist /usr/lib/python3* |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | net none | 25 | net none |
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index 1ceed99fd..e420d8124 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/seamonkey.profile | 6 | include seamonkey.profile |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index b702d8b23..9c38414bb 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: SeaMonkey internet suite | 2 | # Description: SeaMonkey internet suite |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/seamonkey.local | 5 | include seamonkey.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
10 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mozilla | 18 | mkdir ${HOME}/.cache/mozilla |
19 | mkdir ${HOME}/.mozilla | 19 | mkdir ${HOME}/.mozilla |
@@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight | |||
35 | whitelist ${HOME}/.wine-pipelight64 | 35 | whitelist ${HOME}/.wine-pipelight64 |
36 | whitelist ${HOME}/.zotero | 36 | whitelist ${HOME}/.zotero |
37 | whitelist ${HOME}/dwhelper | 37 | whitelist ${HOME}/dwhelper |
38 | include /etc/firejail/whitelist-common.inc | 38 | include whitelist-common.inc |
39 | 39 | ||
40 | caps.drop all | 40 | caps.drop all |
41 | netfilter | 41 | netfilter |
diff --git a/etc/server.profile b/etc/server.profile index e02b2591b..3526e88ab 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for server | 1 | # Firejail profile for server |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/server.local | 4 | include server.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # generic server profile | 8 | # generic server profile |
9 | # it allows /sbin and /usr/sbin directories - this is where servers are installed | 9 | # it allows /sbin and /usr/sbin directories - this is where servers are installed |
@@ -15,12 +15,12 @@ noblacklist /sbin | |||
15 | noblacklist /usr/sbin | 15 | noblacklist /usr/sbin |
16 | # noblacklist /var/opt | 16 | # noblacklist /var/opt |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | # include /etc/firejail/disable-devel.inc | 19 | # include disable-devel.inc |
20 | # include /etc/firejail/disable-interpreters.inc | 20 | # include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | #include /etc/firejail/disable-xdg.inc | 23 | #include disable-xdg.inc |
24 | 24 | ||
25 | caps | 25 | caps |
26 | # ipc-namespace | 26 | # ipc-namespace |
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index 10f188f00..429633a6d 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile | |||
@@ -3,20 +3,20 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/shellcheck.local | 6 | include shellcheck.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/shotcut.profile b/etc/shotcut.profile index b481820b4..264566dcd 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for shotcut | 1 | # Firejail profile for shotcut |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/shotcut.local | 4 | include shotcut.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Meltytech | 8 | noblacklist ${HOME}/.config/Meltytech |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index f44723bee..008cd218e 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for signal-desktop | 1 | # Firejail profile for signal-desktop |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/signal-desktop.local | 4 | include signal-desktop.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Signal | 8 | noblacklist ${HOME}/.config/Signal |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Signal | 16 | mkdir ${HOME}/.config/Signal |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ${HOME}/.config/Signal | 18 | whitelist ${HOME}/.config/Signal |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 850b33a2b..5ef96a4ea 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for silentarmy | 1 | # Firejail profile for silentarmy |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/silentarmy.local | 4 | include silentarmy.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 30d2203de..85cb00ef1 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Simple Scanning Utility | 2 | # Description: Simple Scanning Utility |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/simple-scan.local | 5 | include simple-scan.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/simple-scan | 9 | noblacklist ${HOME}/.cache/simple-scan |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index b19ed1c39..a4e4d892c 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Transportation simulator | 2 | # Description: Transportation simulator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/simutrans.local | 5 | include simutrans.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.simutrans | 9 | noblacklist ${HOME}/.simutrans |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.simutrans | 17 | mkdir ${HOME}/.simutrans |
18 | whitelist ${HOME}/.simutrans | 18 | whitelist ${HOME}/.simutrans |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index f8bca415d..76b050d18 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Image scanner based on the KSane backend | 2 | # Description: Image scanner based on the KSane backend |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/skanlite.local | 5 | include skanlite.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | # net none | 19 | # net none |
diff --git a/etc/skype.profile b/etc/skype.profile index b0aeaecff..09b9baa11 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for skype | 1 | # Firejail profile for skype |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/skype.local | 4 | include skype.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Skype | 8 | noblacklist ${HOME}/.Skype |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index c675f0345..bccef9705 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for skypeforlinux | 1 | # Firejail profile for skypeforlinux |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/skypeforlinux.local | 4 | include skypeforlinux.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/skypeforlinux | 8 | noblacklist ${HOME}/.config/skypeforlinux |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/slack.profile b/etc/slack.profile index 45a8c8298..995d49687 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -1,25 +1,25 @@ | |||
1 | # Firejail profile for slack | 1 | # Firejail profile for slack |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/slack.local | 4 | include slack.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Slack | 8 | noblacklist ${HOME}/.config/Slack |
9 | noblacklist ${HOME}/Downloads | 9 | noblacklist ${HOME}/Downloads |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config | 17 | mkdir ${HOME}/.config |
18 | mkdir ${HOME}/.config/Slack | 18 | mkdir ${HOME}/.config/Slack |
19 | whitelist ${HOME}/.config/Slack | 19 | whitelist ${HOME}/.config/Slack |
20 | whitelist ${HOME}/Downloads | 20 | whitelist ${HOME}/Downloads |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | name slack | 25 | name slack |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 7e1f98a09..57ab2cde6 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Complete front-end for MPlayer and mpv | 2 | # Description: Complete front-end for MPlayer and mpv |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/smplayer.local | 5 | include smplayer.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
10 | noblacklist ${HOME}/.mplayer | 10 | noblacklist ${HOME}/.mplayer |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | noblacklist ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | apparmor | 23 | apparmor |
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/smtube.profile b/etc/smtube.profile index 41d8ef5a5..24f3db40a 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: YouTube videos browser | 2 | # Description: YouTube videos browser |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/smtube.local | 5 | include smtube.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
10 | noblacklist ${HOME}/.config/smtube | 10 | noblacklist ${HOME}/.config/smtube |
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/vlc | |||
15 | noblacklist ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
diff --git a/etc/snap.profile b/etc/snap.profile index bcfdc8911..1c6d750e4 100644 --- a/etc/snap.profile +++ b/etc/snap.profile | |||
@@ -2,16 +2,16 @@ | |||
2 | # Description: Location of genes from DNA sequence with hidden markov model | 2 | # Description: Location of genes from DNA sequence with hidden markov model |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/snap.local | 5 | include snap.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Generic Ubuntu snap application profile | 9 | # Generic Ubuntu snap application profile |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | whitelist ${HOME}/snap | 16 | whitelist ${HOME}/snap |
17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
diff --git a/etc/snox.profile b/etc/snox.profile index 22bb0cdb0..3b3fd1ae1 100644 --- a/etc/snox.profile +++ b/etc/snox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for snox | 1 | # Firejail profile for snox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/snox.local | 4 | include snox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/snox | 8 | noblacklist ${HOME}/.cache/snox |
9 | noblacklist ${HOME}/.config/snox | 9 | noblacklist ${HOME}/.config/snox |
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox | |||
16 | whitelist ${HOME}/.config/snox | 16 | whitelist ${HOME}/.config/snox |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include /etc/firejail/chromium-common.profile | 19 | include chromium-common.profile |
diff --git a/etc/soffice.profile b/etc/soffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/soffice.profile +++ b/etc/soffice.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/libreoffice.profile | 6 | include libreoffice.profile |
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 867d21d0e..d34ccf901 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: GNOME application to convert audio files into other formats | 2 | # Description: GNOME application to convert audio files into other formats |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/soundconverter.local | 5 | include soundconverter.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
@@ -14,14 +14,14 @@ noblacklist ${PATH}/python3* | |||
14 | noblacklist /usr/lib/python2* | 14 | noblacklist /usr/lib/python2* |
15 | noblacklist /usr/lib/python3* | 15 | noblacklist /usr/lib/python3* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | include /etc/firejail/disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | net none | 27 | net none |
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 18d3a0575..350f10632 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/spectre-meltdown-checker.local | 5 | include spectre-meltdown-checker.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # sudo firejail --allow-debuggers spectre-meltdown-checker | 9 | # sudo firejail --allow-debuggers spectre-meltdown-checker |
10 | 10 | ||
@@ -18,14 +18,14 @@ noblacklist ${PATH}/perl | |||
18 | noblacklist /usr/lib/perl* | 18 | noblacklist /usr/lib/perl* |
19 | noblacklist /usr/share/perl* | 19 | noblacklist /usr/share/perl* |
20 | 20 | ||
21 | include /etc/firejail/disable-common.inc | 21 | include disable-common.inc |
22 | include /etc/firejail/disable-devel.inc | 22 | include disable-devel.inc |
23 | include /etc/firejail/disable-interpreters.inc | 23 | include disable-interpreters.inc |
24 | include /etc/firejail/disable-passwdmgr.inc | 24 | include disable-passwdmgr.inc |
25 | include /etc/firejail/disable-programs.inc | 25 | include disable-programs.inc |
26 | include /etc/firejail/disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
30 | caps.keep sys_rawio | 30 | caps.keep sys_rawio |
31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/spotify.profile b/etc/spotify.profile index e8d251b8f..f6f31028f 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for spotify | 1 | # Firejail profile for spotify |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/spotify.local | 4 | include spotify.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${HOME}/.bashrc | 8 | blacklist ${HOME}/.bashrc |
9 | blacklist /lost+found | 9 | blacklist /lost+found |
@@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify | |||
14 | noblacklist ${HOME}/.config/spotify | 14 | noblacklist ${HOME}/.config/spotify |
15 | noblacklist ${HOME}/.local/share/spotify | 15 | noblacklist ${HOME}/.local/share/spotify |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.cache/spotify | 23 | mkdir ${HOME}/.cache/spotify |
24 | mkdir ${HOME}/.config/spotify | 24 | mkdir ${HOME}/.config/spotify |
@@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify | |||
26 | whitelist ${HOME}/.cache/spotify | 26 | whitelist ${HOME}/.cache/spotify |
27 | whitelist ${HOME}/.config/spotify | 27 | whitelist ${HOME}/.config/spotify |
28 | whitelist ${HOME}/.local/share/spotify | 28 | whitelist ${HOME}/.local/share/spotify |
29 | include /etc/firejail/whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include /etc/firejail/whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
33 | netfilter | 33 | netfilter |
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index fe8ee8e5f..6bdd437cd 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: GUI editor for SQLite databases | 2 | # Description: GUI editor for SQLite databases |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/sqlitebrowser.local | 5 | include sqlitebrowser.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/sqlitebrowser | 9 | noblacklist ${HOME}/.config/sqlitebrowser |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index b71c20231..02b66955f 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/ssh-agent.local | 5 | include ssh-agent.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
@@ -12,9 +12,9 @@ noblacklist /etc/ssh | |||
12 | noblacklist /tmp/ssh-* | 12 | noblacklist /tmp/ssh-* |
13 | noblacklist ${HOME}/.ssh | 13 | noblacklist ${HOME}/.ssh |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | shell none | 19 | shell none |
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/ssh.profile b/etc/ssh.profile index 306cdf171..de627dcf0 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -3,17 +3,17 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/ssh.local | 6 | include ssh.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /etc/ssh | 10 | noblacklist /etc/ssh |
11 | noblacklist /tmp/ssh-* | 11 | noblacklist /tmp/ssh-* |
12 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | 19 | ipc-namespace |
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 67e356123..4486c8869 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile | |||
@@ -1,24 +1,24 @@ | |||
1 | # Firejail profile for standardnotes-desktop | 1 | # Firejail profile for standardnotes-desktop |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/standardnotes-desktop.local | 4 | include standardnotes-desktop.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/Standard Notes Backups | 8 | noblacklist ${HOME}/Standard Notes Backups |
9 | noblacklist ${HOME}/.config/Standard Notes | 9 | noblacklist ${HOME}/.config/Standard Notes |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/Standard Notes Backups | 17 | mkdir ${HOME}/Standard Notes Backups |
18 | mkdir ${HOME}/.config/Standard Notes | 18 | mkdir ${HOME}/.config/Standard Notes |
19 | whitelist ${HOME}/Standard Notes Backups | 19 | whitelist ${HOME}/Standard Notes Backups |
20 | whitelist ${HOME}/.config/Standard Notes | 20 | whitelist ${HOME}/.config/Standard Notes |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | apparmor | 23 | apparmor |
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile index c17815969..2b01eca88 100644 --- a/etc/start-tor-browser.desktop.profile +++ b/etc/start-tor-browser.desktop.profile | |||
@@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn: | |||
63 | whitelist ${HOME}/.tor-browser-zh-cn: | 63 | whitelist ${HOME}/.tor-browser-zh-cn: |
64 | 64 | ||
65 | # Redirect | 65 | # Redirect |
66 | include /etc/firejail/torbrowser-launcher.profile | 66 | include torbrowser-launcher.profile |
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 2ccd2f61f..d3b0b27e3 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for start-tor-browser | 1 | # Firejail profile for start-tor-browser |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/start-tor-browser.local | 4 | include start-tor-browser.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 10 | include disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 11 | include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | 14 | include disable-xdg.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/steam-native.profile b/etc/steam-native.profile index b85b1659b..47608ad28 100644 --- a/etc/steam-native.profile +++ b/etc/steam-native.profile | |||
@@ -2,4 +2,4 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | # Redirect | 4 | # Redirect |
5 | include /etc/firejail/steam.profile | 5 | include steam.profile |
diff --git a/etc/steam.profile b/etc/steam.profile index 7928d8526..775b6c875 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Valve's Steam digital software delivery system | 2 | # Description: Valve's Steam digital software delivery system |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/steam.local | 5 | include steam.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist ${HOME}/.killingfloor | 10 | noblacklist ${HOME}/.killingfloor |
@@ -37,13 +37,13 @@ noblacklist ${PATH}/python3* | |||
37 | noblacklist /usr/lib/python2* | 37 | noblacklist /usr/lib/python2* |
38 | noblacklist /usr/lib/python3* | 38 | noblacklist /usr/lib/python3* |
39 | 39 | ||
40 | include /etc/firejail/disable-common.inc | 40 | include disable-common.inc |
41 | include /etc/firejail/disable-devel.inc | 41 | include disable-devel.inc |
42 | include /etc/firejail/disable-interpreters.inc | 42 | include disable-interpreters.inc |
43 | include /etc/firejail/disable-passwdmgr.inc | 43 | include disable-passwdmgr.inc |
44 | include /etc/firejail/disable-programs.inc | 44 | include disable-programs.inc |
45 | 45 | ||
46 | include /etc/firejail/whitelist-var-common.inc | 46 | include whitelist-var-common.inc |
47 | 47 | ||
48 | caps.drop all | 48 | caps.drop all |
49 | #ipc-namespace | 49 | #ipc-namespace |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index bbbc5c084..7d0000fb3 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -2,25 +2,25 @@ | |||
2 | # Description: Real-time photo-realistic sky generator | 2 | # Description: Real-time photo-realistic sky generator |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/stellarium.local | 5 | include stellarium.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/stellarium | 9 | noblacklist ${HOME}/.config/stellarium |
10 | noblacklist ${HOME}/.stellarium | 10 | noblacklist ${HOME}/.stellarium |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/stellarium | 18 | mkdir ${HOME}/.config/stellarium |
19 | mkdir ${HOME}/.stellarium | 19 | mkdir ${HOME}/.stellarium |
20 | whitelist ${HOME}/.config/stellarium | 20 | whitelist ${HOME}/.config/stellarium |
21 | whitelist ${HOME}/.stellarium | 21 | whitelist ${HOME}/.stellarium |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | machine-id | 26 | machine-id |
diff --git a/etc/strings.profile b/etc/strings.profile index 9e5d88ef0..f243606ec 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/strings.local | 5 | include strings.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included default.profile | 7 | # added by included default.profile |
8 | #include /etc/firejail/globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
@@ -31,4 +31,4 @@ memory-deny-write-execute | |||
31 | noexec ${HOME} | 31 | noexec ${HOME} |
32 | noexec /tmp | 32 | noexec /tmp |
33 | 33 | ||
34 | include /etc/firejail/default.profile | 34 | include default.profile |
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile index b4eee28df..d556521e1 100644 --- a/etc/studio.sh.profile +++ b/etc/studio.sh.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Firejail profile alias for Android Studio | 1 | # Firejail profile alias for Android Studio |
2 | 2 | ||
3 | # Redirect | 3 | # Redirect |
4 | include /etc/firejail/android-studio.profile | 4 | include android-studio.profile |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index b1fea064c..fc523ce0a 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for supertux2 | 1 | # Firejail profile for supertux2 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/supertux2.local | 4 | include supertux2.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/supertux2 | 8 | noblacklist ${HOME}/.local/share/supertux2 |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.local/share/supertux2 | 16 | mkdir ${HOME}/.local/share/supertux2 |
17 | whitelist ${HOME}/.local/share/supertux2 | 17 | whitelist ${HOME}/.local/share/supertux2 |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/surf.profile b/etc/surf.profile index fbec118bc..3a1b1f383 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Simple web browser by suckless community | 2 | # Description: Simple web browser by suckless community |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/surf.local | 5 | include surf.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.surf | 9 | noblacklist ${HOME}/.surf |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.surf | 16 | mkdir ${HOME}/.surf |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index 04b36c731..64de64eb4 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Light weight e-mail client with GTK+ | 2 | # Description: Light weight e-mail client with GTK+ |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/sylpheed.local | 5 | include sylpheed.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.sylpheed-2.0 | 9 | noblacklist ${HOME}/.sylpheed-2.0 |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 27b7604e3..9ce1bb183 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Vector-based 2D animation package | 2 | # Description: Vector-based 2D animation package |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/synfigstudio.local | 5 | include synfigstudio.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/synfig | 9 | noblacklist ${HOME}/.config/synfig |
10 | noblacklist ${HOME}/.synfig | 10 | noblacklist ${HOME}/.synfig |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
diff --git a/etc/tar.profile b/etc/tar.profile index a10581341..cbf421914 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/tar.local | 6 | include tar.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -29,4 +29,4 @@ private-dev | |||
29 | private-etc passwd,group,localtime | 29 | private-etc passwd,group,localtime |
30 | private-lib | 30 | private-lib |
31 | 31 | ||
32 | include /etc/firejail/default.profile | 32 | include default.profile |
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index 63751a7d5..25928882b 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: TeamSpeak is software for quality voice communication via the Internet | 2 | # Description: TeamSpeak is software for quality voice communication via the Internet |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/teamspeak3.local | 5 | include teamspeak3.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ts3client | 9 | noblacklist ${HOME}/.ts3client |
10 | noblacklist ${PATH}/openssl | 10 | noblacklist ${PATH}/openssl |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.ts3client | 18 | mkdir ${HOME}/.ts3client |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ${HOME}/.ts3client | 20 | whitelist ${HOME}/.ts3client |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | 24 | ipc-namespace |
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile index 9e4855247..ef60bdc8c 100644 --- a/etc/telegram-desktop.profile +++ b/etc/telegram-desktop.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/telegram.profile | 7 | include telegram.profile |
diff --git a/etc/telegram.profile b/etc/telegram.profile index 9ffb9f287..fb2c06a27 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for telegram | 1 | # Firejail profile for telegram |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/telegram.local | 4 | include telegram.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.TelegramDesktop | 8 | noblacklist ${HOME}/.TelegramDesktop |
9 | noblacklist ${HOME}/.local/share/TelegramDesktop | 9 | noblacklist ${HOME}/.local/share/TelegramDesktop |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
diff --git a/etc/terasology.profile b/etc/terasology.profile index 9c17ff46a..22038e0b4 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for terasology | 1 | # Firejail profile for terasology |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/terasology.local | 4 | include terasology.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist ${HOME}/.local/share/terasology | 9 | noblacklist ${HOME}/.local/share/terasology |
@@ -14,17 +14,17 @@ noblacklist /usr/lib/java | |||
14 | noblacklist /etc/java | 14 | noblacklist /etc/java |
15 | noblacklist /usr/share/java | 15 | noblacklist /usr/share/java |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.java | 23 | mkdir ${HOME}/.java |
24 | mkdir ${HOME}/.local/share/terasology | 24 | mkdir ${HOME}/.local/share/terasology |
25 | whitelist ${HOME}/.java | 25 | whitelist ${HOME}/.java |
26 | whitelist ${HOME}/.local/share/terasology | 26 | whitelist ${HOME}/.local/share/terasology |
27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/thunar.profile b/etc/thunar.profile index 37d10ae0d..0c7a048c4 100644 --- a/etc/thunar.profile +++ b/etc/thunar.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/Thunar.profile | 7 | include Thunar.profile |
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile index 73d2419da..2bd06cb14 100644 --- a/etc/thunderbird-beta.profile +++ b/etc/thunderbird-beta.profile | |||
@@ -5,4 +5,4 @@ | |||
5 | whitelist /opt/thunderbird-beta | 5 | whitelist /opt/thunderbird-beta |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include /etc/firejail/thunderbird.profile | 8 | include thunderbird.profile |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 86671d1be..5f1af91be 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Email, RSS and newsgroup client with integrated spam filter | 2 | # Description: Email, RSS and newsgroup client with integrated spam filter |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/thunderbird.local | 5 | include thunderbird.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Users have thunderbird set to open a browser by clicking a link in an email | 9 | # Users have thunderbird set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
@@ -38,4 +38,4 @@ writable-run-user | |||
38 | 38 | ||
39 | # allow browsers | 39 | # allow browsers |
40 | # Redirect | 40 | # Redirect |
41 | include /etc/firejail/firefox.profile | 41 | include firefox.profile |
diff --git a/etc/tilp.profile b/etc/tilp.profile index 7d63df630..ecacd1deb 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile | |||
@@ -1,17 +1,17 @@ | |||
1 | # Firejail profile for tilp | 1 | # Firejail profile for tilp |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/tilp.local | 4 | include tilp.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.tilp | 8 | noblacklist ${HOME}/.tilp |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile index a668a05d4..612b2d01b 100644 --- a/etc/tor-browser-ar.profile +++ b/etc/tor-browser-ar.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar | |||
7 | whitelist ${HOME}/.tor-browser-ar | 7 | whitelist ${HOME}/.tor-browser-ar |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile index 195377f0f..db56dda1b 100644 --- a/etc/tor-browser-en-us.profile +++ b/etc/tor-browser-en-us.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us | |||
7 | whitelist ${HOME}/.tor-browser-en-us | 7 | whitelist ${HOME}/.tor-browser-en-us |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index 75aad1a09..ad4110c0e 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en | |||
7 | whitelist ${HOME}/.tor-browser-en | 7 | whitelist ${HOME}/.tor-browser-en |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile index b6e5dedbc..1aa586658 100644 --- a/etc/tor-browser-es-es.profile +++ b/etc/tor-browser-es-es.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es | |||
7 | whitelist ${HOME}/.tor-browser-es-es | 7 | whitelist ${HOME}/.tor-browser-es-es |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile index c607c93e3..a386e3387 100644 --- a/etc/tor-browser-es.profile +++ b/etc/tor-browser-es.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es | |||
7 | whitelist ${HOME}/.tor-browser-es | 7 | whitelist ${HOME}/.tor-browser-es |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile index 3ce689c21..7f847a7c2 100644 --- a/etc/tor-browser-fa.profile +++ b/etc/tor-browser-fa.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa | |||
7 | whitelist ${HOME}/.tor-browser-fa | 7 | whitelist ${HOME}/.tor-browser-fa |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile index 369184aba..bce470ec8 100644 --- a/etc/tor-browser-fr.profile +++ b/etc/tor-browser-fr.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr | |||
7 | whitelist ${HOME}/.tor-browser-fr | 7 | whitelist ${HOME}/.tor-browser-fr |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile index e5d54617d..3c239ca29 100644 --- a/etc/tor-browser-it.profile +++ b/etc/tor-browser-it.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it | |||
7 | whitelist ${HOME}/.tor-browser-it | 7 | whitelist ${HOME}/.tor-browser-it |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile index a3cfa1987..c52e0f64e 100644 --- a/etc/tor-browser-ja.profile +++ b/etc/tor-browser-ja.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja | |||
7 | whitelist ${HOME}/.tor-browser-ja | 7 | whitelist ${HOME}/.tor-browser-ja |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile index 6a7fe905c..8faa5afa1 100644 --- a/etc/tor-browser-ko.profile +++ b/etc/tor-browser-ko.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko | |||
7 | whitelist ${HOME}/.tor-browser-ko | 7 | whitelist ${HOME}/.tor-browser-ko |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile index e72d64a3e..08ddd4ae7 100644 --- a/etc/tor-browser-pl.profile +++ b/etc/tor-browser-pl.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl | |||
7 | whitelist ${HOME}/.tor-browser-pl | 7 | whitelist ${HOME}/.tor-browser-pl |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile index d3a5d1b79..9942a3fe8 100644 --- a/etc/tor-browser-pt-br.profile +++ b/etc/tor-browser-pt-br.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br | |||
7 | whitelist ${HOME}/.tor-browser-pt-br | 7 | whitelist ${HOME}/.tor-browser-pt-br |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile index 22b772b28..6294f8ca0 100644 --- a/etc/tor-browser-ru.profile +++ b/etc/tor-browser-ru.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru | |||
7 | whitelist ${HOME}/.tor-browser-ru | 7 | whitelist ${HOME}/.tor-browser-ru |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile index cd1c5b0b3..734c38698 100644 --- a/etc/tor-browser-vi.profile +++ b/etc/tor-browser-vi.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi | |||
7 | whitelist ${HOME}/.tor-browser-vi | 7 | whitelist ${HOME}/.tor-browser-vi |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile index bf1bc75d6..21e813e45 100644 --- a/etc/tor-browser-zh-cn.profile +++ b/etc/tor-browser-zh-cn.profile | |||
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn | |||
7 | whitelist ${HOME}/.tor-browser-zh-cn | 7 | whitelist ${HOME}/.tor-browser-zh-cn |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/torbrowser-launcher.profile | 10 | include torbrowser-launcher.profile |
diff --git a/etc/tor.profile b/etc/tor.profile index ed14ead56..04a6c3abb 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Anonymizing overlay network for TCP | 2 | # Description: Anonymizing overlay network for TCP |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/tor.local | 5 | include tor.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # How to use: | 9 | # How to use: |
10 | # Create a script called anything (e.g. mytor) | 10 | # Create a script called anything (e.g. mytor) |
@@ -17,12 +17,12 @@ include /etc/firejail/globals.local | |||
17 | # You'll also likely want to disable the system service (if it exists) | 17 | # You'll also likely want to disable the system service (if it exists) |
18 | # Run mytor (or whatever you called the script above) whenever you want to start tor | 18 | # Run mytor (or whatever you called the script above) whenever you want to start tor |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | caps.keep setuid,setgid,net_bind_service,dac_read_search | 27 | caps.keep setuid,setgid,net_bind_service,dac_read_search |
28 | ipc-namespace | 28 | ipc-namespace |
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index c73121126..a9244683f 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Helps download and run the Tor Browser Bundle | 2 | # Description: Helps download and run the Tor Browser Bundle |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/torbrowser-launcher.local | 5 | include torbrowser-launcher.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/torbrowser | 9 | noblacklist ${HOME}/.config/torbrowser |
10 | noblacklist ${HOME}/.local/share/torbrowser | 10 | noblacklist ${HOME}/.local/share/torbrowser |
@@ -15,20 +15,20 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/torbrowser | 25 | mkdir ${HOME}/.config/torbrowser |
26 | mkdir ${HOME}/.local/share/torbrowser | 26 | mkdir ${HOME}/.local/share/torbrowser |
27 | whitelist ${DOWNLOADS} | 27 | whitelist ${DOWNLOADS} |
28 | whitelist ${HOME}/.config/torbrowser | 28 | whitelist ${HOME}/.config/torbrowser |
29 | whitelist ${HOME}/.local/share/torbrowser | 29 | whitelist ${HOME}/.local/share/torbrowser |
30 | include /etc/firejail/whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include /etc/firejail/whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
33 | caps.drop all | 33 | caps.drop all |
34 | netfilter | 34 | netfilter |
diff --git a/etc/totem.profile b/etc/totem.profile index 03e30a40a..3055ea542 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Simple media player for the GNOME desktop based on GStreamer | 2 | # Description: Simple media player for the GNOME desktop based on GStreamer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/totem.local | 5 | include totem.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/totem | 9 | noblacklist ${HOME}/.config/totem |
10 | noblacklist ${HOME}/.local/share/totem | 10 | noblacklist ${HOME}/.local/share/totem |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | noblacklist ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | # apparmor - makes settings immutable | 23 | # apparmor - makes settings immutable |
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/tracker.profile b/etc/tracker.profile index 142089c34..6d86b2951 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Metadata database, indexer and search tool | 2 | # Description: Metadata database, indexer and search tool |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/tracker.local | 5 | include tracker.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default | 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index b60fbf99c..cc2e4467e 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -2,18 +2,18 @@ | |||
2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/transmission-cli.local | 5 | include transmission-cli.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | machine-id | 19 | machine-id |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 65b5547b1..867f9f113 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -2,26 +2,26 @@ | |||
2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/transmission-gtk.local | 5 | include transmission-gtk.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/transmission | 18 | mkdir ${HOME}/.cache/transmission |
19 | mkdir ${HOME}/.config/transmission | 19 | mkdir ${HOME}/.config/transmission |
20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | whitelist ${HOME}/.cache/transmission | 21 | whitelist ${HOME}/.cache/transmission |
22 | whitelist ${HOME}/.config/transmission | 22 | whitelist ${HOME}/.config/transmission |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | apparmor | 26 | apparmor |
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 31935039e..81b8f38cf 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -2,26 +2,26 @@ | |||
2 | # Description: Lightweight BitTorrent client | 2 | # Description: Lightweight BitTorrent client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/transmission-qt.local | 5 | include transmission-qt.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/transmission | 9 | noblacklist ${HOME}/.cache/transmission |
10 | noblacklist ${HOME}/.config/transmission | 10 | noblacklist ${HOME}/.config/transmission |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/transmission | 18 | mkdir ${HOME}/.cache/transmission |
19 | mkdir ${HOME}/.config/transmission | 19 | mkdir ${HOME}/.config/transmission |
20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | whitelist ${HOME}/.cache/transmission | 21 | whitelist ${HOME}/.cache/transmission |
22 | whitelist ${HOME}/.config/transmission | 22 | whitelist ${HOME}/.config/transmission |
23 | include /etc/firejail/whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | apparmor | 26 | apparmor |
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 1e5dc3ef2..248eb977e 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for transmission-show | 1 | # Firejail profile for transmission-show |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/transmission-show.local | 4 | include transmission-show.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/transmission | 8 | noblacklist ${HOME}/.cache/transmission |
9 | noblacklist ${HOME}/.config/transmission | 9 | noblacklist ${HOME}/.config/transmission |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | machine-id | 18 | machine-id |
diff --git a/etc/truecraft.profile b/etc/truecraft.profile index ad021c13e..ae1d85473 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile | |||
@@ -1,24 +1,24 @@ | |||
1 | # Firejail profile for truecraft | 1 | # Firejail profile for truecraft |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/truecraft.local | 4 | include truecraft.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mono | 8 | noblacklist ${HOME}/.config/mono |
9 | noblacklist ${HOME}/.config/truecraft | 9 | noblacklist ${HOME}/.config/truecraft |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/mono | 17 | mkdir ${HOME}/.config/mono |
18 | mkdir ${HOME}/.config/truecraft | 18 | mkdir ${HOME}/.config/truecraft |
19 | whitelist ${HOME}/.config/mono | 19 | whitelist ${HOME}/.config/mono |
20 | whitelist ${HOME}/.config/truecraft | 20 | whitelist ${HOME}/.config/truecraft |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | nodvd | 24 | nodvd |
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index da6f935d7..1b657d083 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Multitrack guitar tablature editor and player (gp3 to gp5) | 2 | # Description: Multitrack guitar tablature editor and player (gp3 to gp5) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/tuxguitar.local | 5 | include tuxguitar.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist ${HOME}/.tuxguitar* | 10 | noblacklist ${HOME}/.tuxguitar* |
@@ -17,14 +17,14 @@ noblacklist /usr/lib/java | |||
17 | noblacklist /etc/java | 17 | noblacklist /etc/java |
18 | noblacklist /usr/share/java | 18 | noblacklist /usr/share/java |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
diff --git a/etc/uefitool.profile b/etc/uefitool.profile index 0548bb323..218b41e15 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for uefitool | 1 | # Firejail profile for uefitool |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/uefitool.local | 4 | include uefitool.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | ipc-namespace | 18 | ipc-namespace |
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 37361e7eb..09821b411 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -1,21 +1,21 @@ | |||
1 | # Firejail profile for uget-gtk | 1 | # Firejail profile for uget-gtk |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/uget-gtk.local | 4 | include uget-gtk.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uGet | 8 | noblacklist ${HOME}/.config/uGet |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.config/uGet | 15 | mkdir ${HOME}/.config/uGet |
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | whitelist ${HOME}/.config/uGet | 17 | whitelist ${HOME}/.config/uGet |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/unbound.profile b/etc/unbound.profile index e7862add7..6e4b5ed1c 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Validating, recursive, caching DNS resolver | 2 | # Description: Validating, recursive, caching DNS resolver |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/unbound.local | 5 | include unbound.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist /sbin | 11 | noblacklist /sbin |
12 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | include /etc/firejail/disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /var/lib/unbound | 21 | whitelist /var/lib/unbound |
22 | whitelist /var/run | 22 | whitelist /var/run |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index e5a35529a..f62f018a6 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: 2D realtime strategy simulation | 2 | # Description: 2D realtime strategy simulation |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/unknown-horizons.local | 5 | include unknown-horizons.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.unknown-horizons | 9 | noblacklist ${HOME}/.unknown-horizons |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.unknown-horizons | 15 | mkdir ${HOME}/.unknown-horizons |
16 | whitelist ${HOME}/.unknown-horizons | 16 | whitelist ${HOME}/.unknown-horizons |
17 | include /etc/firejail/whitelist-common.inc | 17 | include whitelist-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | nodvd | 20 | nodvd |
diff --git a/etc/unlzma.profile b/etc/unlzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unlzma.profile +++ b/etc/unlzma.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/unrar.profile b/etc/unrar.profile index adc356a10..00fe0887b 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/unrar.local | 6 | include unrar.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -28,4 +28,4 @@ private-dev | |||
28 | private-etc passwd,group,localtime | 28 | private-etc passwd,group,localtime |
29 | private-tmp | 29 | private-tmp |
30 | 30 | ||
31 | include /etc/firejail/default.profile | 31 | include default.profile |
diff --git a/etc/unxz.profile b/etc/unxz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unxz.profile +++ b/etc/unxz.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 95c9913a4..8e659c256 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/unzip.local | 6 | include unzip.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -30,4 +30,4 @@ private-etc passwd,group,localtime | |||
30 | # GNOME Shell integration (chrome-gnome-shell) | 30 | # GNOME Shell integration (chrome-gnome-shell) |
31 | noblacklist ${HOME}/.local/share/gnome-shell | 31 | noblacklist ${HOME}/.local/share/gnome-shell |
32 | 32 | ||
33 | include /etc/firejail/default.profile | 33 | include default.profile |
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 62dea4244..3bd0ebe70 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/uudeview.local | 6 | include uudeview.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | hostname uudeview | 11 | hostname uudeview |
12 | ignore noroot | 12 | ignore noroot |
@@ -25,4 +25,4 @@ private-cache | |||
25 | private-dev | 25 | private-dev |
26 | private-etc ld.so.preload | 26 | private-etc ld.so.preload |
27 | 27 | ||
28 | include /etc/firejail/default.profile | 28 | include default.profile |
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index b8a3fa497..7e6b35d13 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for uzbl-browser | 1 | # Firejail profile for uzbl-browser |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/uzbl-browser.local | 4 | include uzbl-browser.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uzbl | 8 | noblacklist ${HOME}/.config/uzbl |
9 | noblacklist ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
@@ -15,10 +15,10 @@ noblacklist ${PATH}/python3* | |||
15 | noblacklist /usr/lib/python2* | 15 | noblacklist /usr/lib/python2* |
16 | noblacklist /usr/lib/python3* | 16 | noblacklist /usr/lib/python3* |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/uzbl | 23 | mkdir ${HOME}/.config/uzbl |
24 | mkdir ${HOME}/.gnupg | 24 | mkdir ${HOME}/.gnupg |
@@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl | |||
29 | whitelist ${HOME}/.gnupg | 29 | whitelist ${HOME}/.gnupg |
30 | whitelist ${HOME}/.local/share/uzbl | 30 | whitelist ${HOME}/.local/share/uzbl |
31 | whitelist ${HOME}/.password-store | 31 | whitelist ${HOME}/.password-store |
32 | include /etc/firejail/whitelist-common.inc | 32 | include whitelist-common.inc |
33 | 33 | ||
34 | caps.drop all | 34 | caps.drop all |
35 | netfilter | 35 | netfilter |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 025e0fae8..4c22f8e6f 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Simple, fast and elegant image viewer | 2 | # Description: Simple, fast and elegant image viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/viewnior.local | 5 | include viewnior.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
10 | 10 | ||
@@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam | |||
12 | noblacklist ${HOME}/.config/viewnior | 12 | noblacklist ${HOME}/.config/viewnior |
13 | noblacklist ${HOME}/.steam | 13 | noblacklist ${HOME}/.steam |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | net none | 22 | net none |
diff --git a/etc/viking.profile b/etc/viking.profile index 01786b4e1..baf268691 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: GPS data editor, analyzer and viewer | 2 | # Description: GPS data editor, analyzer and viewer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/viking.local | 5 | include viking.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.viking | 9 | noblacklist ${HOME}/.viking |
10 | noblacklist ${HOME}/.viking-maps | 10 | noblacklist ${HOME}/.viking-maps |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/vim.profile b/etc/vim.profile index 33b406c24..e4e759b86 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Vi IMproved - enhanced vi editor | 2 | # Description: Vi IMproved - enhanced vi editor |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/vim.local | 5 | include vim.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vim | 9 | noblacklist ${HOME}/.vim |
10 | noblacklist ${HOME}/.viminfo | 10 | noblacklist ${HOME}/.viminfo |
11 | noblacklist ${HOME}/.vimrc | 11 | noblacklist ${HOME}/.vimrc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/vimcat.profile b/etc/vimcat.profile index 5067c2fd1..a8f7758e0 100644 --- a/etc/vimcat.profile +++ b/etc/vimcat.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for vimcat | 1 | # Firejail profile for vimcat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/vimcat.local | 4 | include vimcat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile index f89a2c112..53a5c6224 100644 --- a/etc/vimdiff.profile +++ b/etc/vimdiff.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for vimdiff | 1 | # Firejail profile for vimdiff |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/vimdiff.local | 4 | include vimdiff.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/vimpager.profile b/etc/vimpager.profile index 9c59cb82f..ef2c20ef1 100644 --- a/etc/vimpager.profile +++ b/etc/vimpager.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # Description: A vim-based script to use as a PAGER | 2 | # Description: A vim-based script to use as a PAGER |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/vimpager.local | 5 | include vimpager.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include /etc/firejail/vim.profile | 11 | include vim.profile |
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile index 83851d37e..7330d6da2 100644 --- a/etc/vimtutor.profile +++ b/etc/vimtutor.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for vimtutor | 1 | # Firejail profile for vimtutor |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/vimtutor.local | 4 | include vimtutor.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/vim.profile | 10 | include vim.profile |
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index c634348c7..1ef44dd5c 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: x86 virtualization solution | 2 | # Description: x86 virtualization solution |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/virtualbox.local | 5 | include virtualbox.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.VirtualBox | 9 | noblacklist ${HOME}/.VirtualBox |
10 | noblacklist ${HOME}/.config/VirtualBox | 10 | noblacklist ${HOME}/.config/VirtualBox |
@@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs | |||
13 | noblacklist /usr/lib/virtualbox | 13 | noblacklist /usr/lib/virtualbox |
14 | noblacklist /usr/lib64/virtualbox | 14 | noblacklist /usr/lib64/virtualbox |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/VirtualBox | 20 | mkdir ${HOME}/.config/VirtualBox |
21 | mkdir ${HOME}/VirtualBox VMs | 21 | mkdir ${HOME}/VirtualBox VMs |
22 | whitelist ${HOME}/.config/VirtualBox | 22 | whitelist ${HOME}/.config/VirtualBox |
23 | whitelist ${HOME}/VirtualBox VMs | 23 | whitelist ${HOME}/VirtualBox VMs |
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | netfilter | 29 | netfilter |
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-beta.profile +++ b/etc/vivaldi-beta.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/vivaldi.profile | 6 | include vivaldi.profile |
diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile index f8691025f..ea4a4009f 100644 --- a/etc/vivaldi-snapshot.profile +++ b/etc/vivaldi-snapshot.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for vivaldi-snapshot | 1 | # Firejail profile for vivaldi-snapshot |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/vivaldi-snapshot.local | 4 | include vivaldi-snapshot.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/vivaldi-snapshot | 8 | noblacklist ${HOME}/.cache/vivaldi-snapshot |
9 | noblacklist ${HOME}/.config/vivaldi-snapshot | 9 | noblacklist ${HOME}/.config/vivaldi-snapshot |
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot | |||
14 | whitelist ${HOME}/.config/vivaldi-snapshot | 14 | whitelist ${HOME}/.config/vivaldi-snapshot |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
17 | include /etc/firejail/chromium-common.profile | 17 | include chromium-common.profile |
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-stable.profile +++ b/etc/vivaldi-stable.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/vivaldi.profile | 6 | include vivaldi.profile |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 8b37ca40b..96f1bd99d 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for vivaldi | 1 | # Firejail profile for vivaldi |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/vivaldi.local | 4 | include vivaldi.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/vivaldi | 8 | noblacklist ${HOME}/.cache/vivaldi |
9 | noblacklist ${HOME}/.config/vivaldi | 9 | noblacklist ${HOME}/.config/vivaldi |
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi | |||
17 | ignore nodbus | 17 | ignore nodbus |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include /etc/firejail/chromium-common.profile | 20 | include chromium-common.profile |
diff --git a/etc/vlc.profile b/etc/vlc.profile index d911360a7..0395a5a59 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Multimedia player and streamer | 2 | # Description: Multimedia player and streamer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/vlc.local | 5 | include vlc.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vlc | 9 | noblacklist ${HOME}/.cache/vlc |
10 | noblacklist ${HOME}/.config/vlc | 10 | noblacklist ${HOME}/.config/vlc |
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc | |||
12 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | noblacklist ${VIDEOS} | 13 | noblacklist ${VIDEOS} |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include disable-devel.inc |
17 | include /etc/firejail/disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include /etc/firejail/disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include disable-programs.inc |
20 | include /etc/firejail/disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access | 24 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/vym.profile b/etc/vym.profile index cd9bb0ac1..bb3f6ac56 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Mindmapping tool | 2 | # Description: Mindmapping tool |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/vym.local | 5 | include vym.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/InSilmaril | 9 | noblacklist ${HOME}/.config/InSilmaril |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/w3m.profile b/etc/w3m.profile index 270456a60..c03df49cd 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: WWW browsable pager with excellent tables/frames support | 2 | # Description: WWW browsable pager with excellent tables/frames support |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/w3m.local | 5 | include w3m.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.w3m | 11 | noblacklist ${HOME}/.w3m |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index b291693d9..816f2236c 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: 3D real time strategy game | 2 | # Description: 3D real time strategy game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/warzone2100.local | 5 | include warzone2100.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.warzone2100-3.* | 9 | noblacklist ${HOME}/.warzone2100-3.* |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | # mkdir ${HOME}/.warzone2100-3.1 | 17 | # mkdir ${HOME}/.warzone2100-3.1 |
18 | # mkdir ${HOME}/.warzone2100-3.2 | 18 | # mkdir ${HOME}/.warzone2100-3.2 |
19 | whitelist ${HOME}/.warzone2100-3.1 | 19 | whitelist ${HOME}/.warzone2100-3.1 |
20 | whitelist ${HOME}/.warzone2100-3.2 | 20 | whitelist ${HOME}/.warzone2100-3.2 |
21 | include /etc/firejail/whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index fdd299bbf..3dc21958d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for waterfox | 1 | # Firejail profile for waterfox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/waterfox.local | 4 | include waterfox.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.cache/waterfox | 9 | noblacklist ${HOME}/.cache/waterfox |
@@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox | |||
25 | #private-etc waterfox | 25 | #private-etc waterfox |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include /etc/firejail/firefox-common.profile | 28 | include firefox-common.profile |
diff --git a/etc/webstorm.profile b/etc/webstorm.profile index 51596909e..9a25727a9 100644 --- a/etc/webstorm.profile +++ b/etc/webstorm.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for WebStorm | 1 | # Firejail profile for WebStorm |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/webstorm.local | 4 | include webstorm.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.WebStorm* | 8 | noblacklist ${HOME}/.WebStorm* |
9 | noblacklist ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
@@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling | |||
17 | noblacklist ${PATH}/node | 17 | noblacklist ${PATH}/node |
18 | noblacklist ${HOME}/.nvm | 18 | noblacklist ${HOME}/.nvm |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | include /etc/firejail/disable-devel.inc | 23 | include disable-devel.inc |
24 | include /etc/firejail/disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile index 0da7d45d6..4e9d6826c 100644 --- a/etc/weechat-curses.profile +++ b/etc/weechat-curses.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/weechat.profile | 6 | include weechat.profile |
diff --git a/etc/weechat.profile b/etc/weechat.profile index 213271367..99b34048f 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -2,14 +2,14 @@ | |||
2 | # Description: Fast, light and extensible chat client | 2 | # Description: Fast, light and extensible chat client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/weechat.local | 5 | include weechat.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.weechat | 9 | noblacklist ${HOME}/.weechat |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 93ca13c36..a67d3a1b8 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Fantasy turn-based strategy game | 2 | # Description: Fantasy turn-based strategy game |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/wesnoth.local | 5 | include wesnoth.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/wesnoth | 9 | noblacklist ${HOME}/.cache/wesnoth |
10 | noblacklist ${HOME}/.config/wesnoth | 10 | noblacklist ${HOME}/.config/wesnoth |
11 | noblacklist ${HOME}/.local/share/wesnoth | 11 | noblacklist ${HOME}/.local/share/wesnoth |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/wesnoth | 19 | mkdir ${HOME}/.cache/wesnoth |
20 | mkdir ${HOME}/.config/wesnoth | 20 | mkdir ${HOME}/.config/wesnoth |
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/wesnoth | |||
22 | whitelist ${HOME}/.cache/wesnoth | 22 | whitelist ${HOME}/.cache/wesnoth |
23 | whitelist ${HOME}/.config/wesnoth | 23 | whitelist ${HOME}/.config/wesnoth |
24 | whitelist ${HOME}/.local/share/wesnoth | 24 | whitelist ${HOME}/.local/share/wesnoth |
25 | include /etc/firejail/whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | nodvd | 28 | nodvd |
diff --git a/etc/wget.profile b/etc/wget.profile index 655756ffb..213840726 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -3,19 +3,19 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/wget.local | 6 | include wget.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | noblacklist ${HOME}/.wgetrc | 12 | noblacklist ${HOME}/.wgetrc |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index e1fa809b4..38ec5d85d 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
@@ -1,5 +1,5 @@ | |||
1 | # Local customizations come here | 1 | # Local customizations come here |
2 | include /etc/firejail/whitelist-common.local | 2 | include whitelist-common.local |
3 | 3 | ||
4 | # common whitelist for all profiles | 4 | # common whitelist for all profiles |
5 | 5 | ||
@@ -13,6 +13,7 @@ whitelist ${HOME}/.config/user-dirs.dirs | |||
13 | read-only ${HOME}/.config/user-dirs.dirs | 13 | read-only ${HOME}/.config/user-dirs.dirs |
14 | whitelist ${HOME}/.drirc | 14 | whitelist ${HOME}/.drirc |
15 | whitelist ${HOME}/.icons | 15 | whitelist ${HOME}/.icons |
16 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit | ||
16 | whitelist ${HOME}/.local/share/applications | 17 | whitelist ${HOME}/.local/share/applications |
17 | read-only ${HOME}/.local/share/applications | 18 | read-only ${HOME}/.local/share/applications |
18 | whitelist ${HOME}/.local/share/icons | 19 | whitelist ${HOME}/.local/share/icons |
diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc index 024995f20..e2210057b 100644 --- a/etc/whitelist-var-common.inc +++ b/etc/whitelist-var-common.inc | |||
@@ -1,5 +1,5 @@ | |||
1 | # Local customizations come here | 1 | # Local customizations come here |
2 | include /etc/firejail/whitelist-var-common.local | 2 | include whitelist-var-common.local |
3 | 3 | ||
4 | # common /var whitelist for all profiles | 4 | # common /var whitelist for all profiles |
5 | 5 | ||
diff --git a/etc/whois.profile b/etc/whois.profile index 3c7ae7200..368f8b5bb 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
@@ -2,18 +2,18 @@ quiet | |||
2 | # Firejail profile for whois | 2 | # Firejail profile for whois |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/whois.local | 5 | include whois.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | include /etc/firejail/disable-common.inc | 9 | include disable-common.inc |
10 | # include /etc/firejail/disable-devel.inc | 10 | # include disable-devel.inc |
11 | # include /etc/firejail/disable-interpreters.inc | 11 | # include disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | #include /etc/firejail/disable-xdg.inc | 14 | #include disable-xdg.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | # ipc-namespace | 19 | # ipc-namespace |
diff --git a/etc/wine.profile b/etc/wine.profile index 88cdd2ffc..34c695cf1 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: A compatibility layer for running Windows programs | 2 | # Description: A compatibility layer for running Windows programs |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/wine.local | 5 | include wine.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ${HOME}/.local/share/Steam | 10 | noblacklist ${HOME}/.local/share/Steam |
@@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine | |||
14 | # with >=llvm-4 mesa drivers need llvm stuff | 14 | # with >=llvm-4 mesa drivers need llvm stuff |
15 | noblacklist /usr/lib/llvm* | 15 | noblacklist /usr/lib/llvm* |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include disable-devel.inc |
19 | include /etc/firejail/disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 1791d6274..f464a2fb9 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
@@ -1,23 +1,23 @@ | |||
1 | # Firejail profile for wire-desktop | 1 | # Firejail profile for wire-desktop |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/wire-desktop.local | 4 | include wire-desktop.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Wire | 8 | noblacklist ${HOME}/.config/Wire |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Wire | 16 | mkdir ${HOME}/.config/Wire |
17 | whitelist ${HOME}/.config/Wire | 17 | whitelist ${HOME}/.config/Wire |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | 19 | ||
20 | include /etc/firejail/whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-gtk.profile +++ b/etc/wireshark-gtk.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/wireshark.profile | 7 | include wireshark.profile |
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-qt.profile +++ b/etc/wireshark-qt.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/wireshark.profile | 7 | include wireshark.profile |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index dc100bc91..4f1142826 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Network traffic analyzer | 2 | # Description: Network traffic analyzer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/wireshark.local | 5 | include wireshark.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/wireshark | 9 | noblacklist ${HOME}/.config/wireshark |
10 | noblacklist ${HOME}/.wireshark | 10 | noblacklist ${HOME}/.wireshark |
@@ -16,14 +16,14 @@ noblacklist /usr/lib/lua | |||
16 | noblacklist /usr/include/lua* | 16 | noblacklist /usr/include/lua* |
17 | noblacklist /usr/share/lua | 17 | noblacklist /usr/share/lua |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | apparmor | 28 | apparmor |
29 | # caps.drop all | 29 | # caps.drop all |
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index 31700b0af..e21b74030 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for x-terminal-emulator | 1 | # Firejail profile for x-terminal-emulator |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/x-terminal-emulator.local | 4 | include x-terminal-emulator.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | ipc-namespace | 9 | ipc-namespace |
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index d78cd49d4..1941787b1 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # Firejail profile for xcalc | 1 | # Firejail profile for xcalc |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xcalc.local | 4 | include xcalc.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | include /etc/firejail/disable-common.inc | 8 | include disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 9 | include disable-devel.inc |
10 | include /etc/firejail/disable-interpreters.inc | 10 | include disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include disable-programs.inc |
13 | include /etc/firejail/disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
diff --git a/etc/xchat.profile b/etc/xchat.profile index af6da1ac5..a94444aab 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -2,15 +2,15 @@ | |||
2 | # Description: IRC client for X similar to AmIRC | 2 | # Description: IRC client for X similar to AmIRC |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xchat.local | 5 | include xchat.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xchat | 9 | noblacklist ${HOME}/.config/xchat |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | nodvd | 16 | nodvd |
diff --git a/etc/xed.profile b/etc/xed.profile index e58ab499e..7dffae05a 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for xed | 1 | # Firejail profile for xed |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xed.local | 4 | include xed.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/xed | 8 | noblacklist ${HOME}/.config/xed |
9 | 9 | ||
@@ -13,13 +13,13 @@ noblacklist ${PATH}/python3* | |||
13 | noblacklist /usr/lib/python2* | 13 | noblacklist /usr/lib/python2* |
14 | noblacklist /usr/lib/python3* | 14 | noblacklist /usr/lib/python3* |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include disable-devel.inc |
18 | include /etc/firejail/disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include /etc/firejail/disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include /etc/firejail/disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | # apparmor - makes settings immutable | 24 | # apparmor - makes settings immutable |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 207e62232..3dc525755 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: CD-burner application for Xfce Desktop Environment | 2 | # Description: CD-burner application for Xfce Desktop Environment |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xfburn.local | 5 | include xfburn.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfburn | 9 | noblacklist ${HOME}/.config/xfburn |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index 21d1cd3c0..0dc021ef3 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile | |||
@@ -2,17 +2,17 @@ | |||
2 | # Description: Dictionary plugin for Xfce4 panel | 2 | # Description: Dictionary plugin for Xfce4 panel |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xfce4-dict.local | 5 | include xfce4-dict.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfce4-dict | 9 | noblacklist ${HOME}/.config/xfce4-dict |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index fb8297117..df1b575b2 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: Notes application for the Xfce4 desktop | 2 | # Description: Notes application for the Xfce4 desktop |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xfce4-notes.local | 5 | include xfce4-notes.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
11 | noblacklist ${HOME}/.local/share/notes | 11 | noblacklist ${HOME}/.local/share/notes |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 67fd6fce8..6adfcd819 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -2,24 +2,24 @@ | |||
2 | # Description: Environment for Bible reading, study, and research | 2 | # Description: Environment for Bible reading, study, and research |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xiphos.local | 5 | include xiphos.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.bashrc | 9 | blacklist ${HOME}/.bashrc |
10 | 10 | ||
11 | noblacklist ${HOME}/.sword | 11 | noblacklist ${HOME}/.sword |
12 | noblacklist ${HOME}/.xiphos | 12 | noblacklist ${HOME}/.xiphos |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include disable-devel.inc |
16 | include /etc/firejail/disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | whitelist ${HOME}/.sword | 20 | whitelist ${HOME}/.sword |
21 | whitelist ${HOME}/.xiphos | 21 | whitelist ${HOME}/.xiphos |
22 | include /etc/firejail/whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
diff --git a/etc/xmms.profile b/etc/xmms.profile index 4d88b87f2..7a11e1244 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile | |||
@@ -1,19 +1,19 @@ | |||
1 | # Firejail profile for xmms | 1 | # Firejail profile for xmms |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xmms.local | 4 | include xmms.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmms | 8 | noblacklist ${HOME}/.xmms |
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 03fba1d0c..25b2b8c91 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for xmr-stak | 1 | # Firejail profile for xmr-stak |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xmr-stak.local | 4 | include xmr-stak.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmr-stak | 8 | noblacklist ${HOME}/.xmr-stak |
9 | noblacklist /usr/lib/llvm* | 9 | noblacklist /usr/lib/llvm* |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.xmr-stak | 18 | mkdir ${HOME}/.xmr-stak |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | 22 | ipc-namespace |
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-glx.profile +++ b/etc/xonotic-glx.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/xonotic.profile | 6 | include xonotic.profile |
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-sdl.profile +++ b/etc/xonotic-sdl.profile | |||
@@ -3,4 +3,4 @@ | |||
3 | 3 | ||
4 | 4 | ||
5 | # Redirect | 5 | # Redirect |
6 | include /etc/firejail/xonotic.profile | 6 | include xonotic.profile |
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 2e14f22d3..054cf4896 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -2,22 +2,22 @@ | |||
2 | # Description: A free, fast-paced crossplatform first-person shooter | 2 | # Description: A free, fast-paced crossplatform first-person shooter |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xonotic.local | 5 | include xonotic.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.xonotic | 9 | noblacklist ${HOME}/.xonotic |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include disable-devel.inc |
13 | include /etc/firejail/disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.xonotic | 17 | mkdir ${HOME}/.xonotic |
18 | whitelist ${HOME}/.xonotic | 18 | whitelist ${HOME}/.xonotic |
19 | include /etc/firejail/whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 10dfea2a7..4a82942ad 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -2,21 +2,21 @@ | |||
2 | # Description: Portable Document Format (PDF) reader | 2 | # Description: Portable Document Format (PDF) reader |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xpdf.local | 5 | include xpdf.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.xpdfrc | 9 | noblacklist ${HOME}/.xpdfrc |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | machine-id | 22 | machine-id |
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile index a422b9989..78252c134 100644 --- a/etc/xplayer-audio-preview.profile +++ b/etc/xplayer-audio-preview.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for xplayer-audio-preview | 1 | # Firejail profile for xplayer-audio-preview |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xplayer-audio-preview.local | 4 | include xplayer-audio-preview.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile index 1ec5250bf..ac8986c69 100644 --- a/etc/xplayer-video-thumbnailer.profile +++ b/etc/xplayer-video-thumbnailer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for xplayer-video-thumbnailer | 1 | # Firejail profile for xplayer-video-thumbnailer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xplayer-video-thumbnailer.local | 4 | include xplayer-video-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index ba43f328c..b8297295a 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for xplayer | 1 | # Firejail profile for xplayer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xplayer.local | 4 | include xplayer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/xplayer | 8 | noblacklist ${HOME}/.config/xplayer |
9 | noblacklist ${HOME}/.local/share/xplayer | 9 | noblacklist ${HOME}/.local/share/xplayer |
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* | |||
16 | noblacklist /usr/lib/python2* | 16 | noblacklist /usr/lib/python2* |
17 | noblacklist /usr/lib/python3* | 17 | noblacklist /usr/lib/python3* |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include disable-devel.inc |
21 | include /etc/firejail/disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | # apparmor - makes settings immutable | 28 | # apparmor - makes settings immutable |
29 | caps.drop all | 29 | caps.drop all |
diff --git a/etc/xpra.profile b/etc/xpra.profile index 34ce0276c..23f3294bd 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Tool to detach/reattach running X programs | 2 | # Description: Tool to detach/reattach running X programs |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xpra.local | 5 | include xpra.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # | 9 | # |
10 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. | 10 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. |
@@ -22,11 +22,11 @@ noblacklist ${PATH}/python3* | |||
22 | noblacklist /usr/lib/python2* | 22 | noblacklist /usr/lib/python2* |
23 | noblacklist /usr/lib/python3* | 23 | noblacklist /usr/lib/python3* |
24 | 24 | ||
25 | include /etc/firejail/disable-common.inc | 25 | include disable-common.inc |
26 | include /etc/firejail/disable-devel.inc | 26 | include disable-devel.inc |
27 | include /etc/firejail/disable-interpreters.inc | 27 | include disable-interpreters.inc |
28 | include /etc/firejail/disable-passwdmgr.inc | 28 | include disable-passwdmgr.inc |
29 | include /etc/firejail/disable-programs.inc | 29 | include disable-programs.inc |
30 | 30 | ||
31 | whitelist /var/lib/xkb | 31 | whitelist /var/lib/xkb |
32 | # whitelisting home directory, or including whitelist-common.inc | 32 | # whitelisting home directory, or including whitelist-common.inc |
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile index 4c42c147c..2d7e7644c 100644 --- a/etc/xreader-previewer.profile +++ b/etc/xreader-previewer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for xreader-previewer | 1 | # Firejail profile for xreader-previewer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xreader-previewer.local | 4 | include xreader-previewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile index bc0bcbb67..d463787e6 100644 --- a/etc/xreader-thumbnailer.profile +++ b/etc/xreader-thumbnailer.profile | |||
@@ -1,10 +1,10 @@ | |||
1 | # Firejail profile for xreader-thumbnailer | 1 | # Firejail profile for xreader-thumbnailer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xreader-thumbnailer.local | 4 | include xreader-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include /etc/firejail/xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xreader.profile b/etc/xreader.profile index d6acbc1f0..a879e8b04 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -2,23 +2,23 @@ | |||
2 | # Description: Document viewer for files like PDF and Postscript. X-Apps Project. | 2 | # Description: Document viewer for files like PDF and Postscript. X-Apps Project. |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xreader.local | 5 | include xreader.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xreader | 9 | noblacklist ${HOME}/.cache/xreader |
10 | noblacklist ${HOME}/.config/xreader | 10 | noblacklist ${HOME}/.config/xreader |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | # Breaks xreader on Mint 18.3 | 20 | # Breaks xreader on Mint 18.3 |
21 | # include /etc/firejail/whitelist-var-common.inc | 21 | # include whitelist-var-common.inc |
22 | 22 | ||
23 | # apparmor | 23 | # apparmor |
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 8eb2ec4c3..e6185807e 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -1,22 +1,22 @@ | |||
1 | # Firejail profile for xviewer | 1 | # Firejail profile for xviewer |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xviewer.local | 4 | include xviewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Steam | 8 | noblacklist ${HOME}/.Steam |
9 | noblacklist ${HOME}/.config/xviewer | 9 | noblacklist ${HOME}/.config/xviewer |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | noblacklist ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | # apparmor - makes settings immutable | 21 | # apparmor - makes settings immutable |
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/xxd.profile b/etc/xxd.profile index baee905b7..f5072da75 100644 --- a/etc/xxd.profile +++ b/etc/xxd.profile | |||
@@ -2,10 +2,10 @@ | |||
2 | # Description: Tool to make (or reverse) a hex dump | 2 | # Description: Tool to make (or reverse) a hex dump |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/xxd.local | 5 | include xxd.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include /etc/firejail/vim.profile | 11 | include vim.profile |
diff --git a/etc/xz.profile b/etc/xz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xz.profile +++ b/etc/xz.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzcat.profile b/etc/xzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcat.profile +++ b/etc/xzcat.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcmp.profile +++ b/etc/xzcmp.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 2664953f0..6c12f7d55 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -3,10 +3,10 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/xzdec.local | 6 | include xzdec.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included default.profile | 8 | # added by included default.profile |
9 | #include /etc/firejail/globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | 12 | ||
@@ -24,4 +24,4 @@ tracelog | |||
24 | 24 | ||
25 | private-dev | 25 | private-dev |
26 | 26 | ||
27 | include /etc/firejail/default.profile | 27 | include default.profile |
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzdiff.profile +++ b/etc/xzdiff.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzegrep.profile +++ b/etc/xzegrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzfgrep.profile +++ b/etc/xzfgrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzgrep.profile +++ b/etc/xzgrep.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzless.profile b/etc/xzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzless.profile +++ b/etc/xzless.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/xzmore.profile b/etc/xzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzmore.profile +++ b/etc/xzmore.profile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | 5 | ||
6 | # Redirect | 6 | # Redirect |
7 | include /etc/firejail/cpio.profile | 7 | include cpio.profile |
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile index fdb7694a5..680bef677 100644 --- a/etc/yandex-browser.profile +++ b/etc/yandex-browser.profile | |||
@@ -1,9 +1,9 @@ | |||
1 | # Firejail profile for yandex-browser | 1 | # Firejail profile for yandex-browser |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/yandex-browser.local | 4 | include yandex-browser.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/yandex-browser | 8 | noblacklist ${HOME}/.cache/yandex-browser |
9 | noblacklist ${HOME}/.cache/yandex-browser-beta | 9 | noblacklist ${HOME}/.cache/yandex-browser-beta |
@@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser | |||
20 | whitelist ${HOME}/.config/yandex-browser-beta | 20 | whitelist ${HOME}/.config/yandex-browser-beta |
21 | 21 | ||
22 | # Redirect | 22 | # Redirect |
23 | include /etc/firejail/chromium-common.profile | 23 | include chromium-common.profile |
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 3a224c391..a9868b5ac 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -3,9 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | 4 | quiet |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include /etc/firejail/youtube-dl.local | 6 | include youtube-dl.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include /etc/firejail/globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
11 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* | |||
17 | noblacklist /usr/lib/python2* | 17 | noblacklist /usr/lib/python2* |
18 | noblacklist /usr/lib/python3* | 18 | noblacklist /usr/lib/python3* |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include disable-devel.inc |
22 | include /etc/firejail/disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include /etc/firejail/disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
24 | include /etc/firejail/disable-programs.inc | 24 | include disable-programs.inc |
25 | include /etc/firejail/disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | include /etc/firejail/whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | ipc-namespace | 30 | ipc-namespace |
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 1cacfc430..cc572cbfe 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile | |||
@@ -2,9 +2,9 @@ | |||
2 | # Description: Integrated penetration testing tool for finding vulnerabilities in web applications | 2 | # Description: Integrated penetration testing tool for finding vulnerabilities in web applications |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/zaproxy.local | 5 | include zaproxy.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
10 | noblacklist ${HOME}/.ZAP | 10 | noblacklist ${HOME}/.ZAP |
@@ -15,17 +15,17 @@ noblacklist /usr/lib/java | |||
15 | noblacklist /etc/java | 15 | noblacklist /etc/java |
16 | noblacklist /usr/share/java | 16 | noblacklist /usr/share/java |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include disable-common.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include disable-devel.inc |
20 | include /etc/firejail/disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include /etc/firejail/disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include /etc/firejail/disable-programs.inc | 22 | include disable-programs.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.ZAP | 24 | mkdir ${HOME}/.ZAP |
25 | whitelist ${HOME}/.java | 25 | whitelist ${HOME}/.java |
26 | whitelist ${HOME}/.ZAP | 26 | whitelist ${HOME}/.ZAP |
27 | include /etc/firejail/whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
31 | ipc-namespace | 31 | ipc-namespace |
diff --git a/etc/zart.profile b/etc/zart.profile index 4ed39e9ce..32df94841 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
@@ -2,19 +2,19 @@ | |||
2 | # Description: A GUI for G'MIC real-time manipulations on the output of a webcam | 2 | # Description: A GUI for G'MIC real-time manipulations on the output of a webcam |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/zart.local | 5 | include zart.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | noblacklist ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/zathura.profile b/etc/zathura.profile index 59a154df1..2eee47fa0 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -2,20 +2,20 @@ | |||
2 | # Description: Document viewer with a minimalistic interface | 2 | # Description: Document viewer with a minimalistic interface |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include /etc/firejail/zathura.local | 5 | include zathura.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/zathura | 9 | noblacklist ${HOME}/.config/zathura |
10 | noblacklist ${HOME}/.local/share/zathura | 10 | noblacklist ${HOME}/.local/share/zathura |
11 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include disable-devel.inc |
15 | include /etc/firejail/disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | machine-id | 21 | machine-id |
diff --git a/etc/zoom.profile b/etc/zoom.profile index 419c25f18..4fbf7ca01 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
@@ -1,21 +1,21 @@ | |||
1 | # Firejail profile for zoom | 1 | # Firejail profile for zoom |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/zoom.local | 4 | include zoom.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/zoomus.conf | 8 | noblacklist ${HOME}/.config/zoomus.conf |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include disable-programs.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.zoom | 15 | mkdir ${HOME}/.zoom |
16 | whitelist ${HOME}/.cache/zoom | 16 | whitelist ${HOME}/.cache/zoom |
17 | whitelist ${HOME}/.zoom | 17 | whitelist ${HOME}/.zoom |
18 | include /etc/firejail/whitelist-common.inc | 18 | include whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 441042233..8145c1bb5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -458,7 +458,8 @@ void fs_mnt(const int enforce); | |||
458 | 458 | ||
459 | // profile.c | 459 | // profile.c |
460 | // find and read the profile specified by name from dir directory | 460 | // find and read the profile specified by name from dir directory |
461 | int profile_find(const char *name, const char *dir); | 461 | int profile_find(const char *name, const char *dir, int add_ext); |
462 | int profile_find_firejail(const char *name, int add_ext); | ||
462 | // read a profile file | 463 | // read a profile file |
463 | void profile_read(const char *fname); | 464 | void profile_read(const char *fname); |
464 | // check profile line; if line == 0, this was generated from a command line option | 465 | // check profile line; if line == 0, this was generated from a command line option |
@@ -496,7 +497,7 @@ int arp_check(const char *dev, uint32_t destaddr); | |||
496 | uint32_t arp_assign(const char *dev, Bridge *br); | 497 | uint32_t arp_assign(const char *dev, Bridge *br); |
497 | 498 | ||
498 | // macros.c | 499 | // macros.c |
499 | char *expand_home(const char *path, const char *homedir); | 500 | char *expand_macros(const char *path); |
500 | char *resolve_macro(const char *name); | 501 | char *resolve_macro(const char *name); |
501 | void invalid_filename(const char *fname, int globbing); | 502 | void invalid_filename(const char *fname, int globbing); |
502 | int is_macro(const char *name); | 503 | int is_macro(const char *name); |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 9f0dac4e0..f70c5ac8a 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -257,8 +257,6 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[ | |||
257 | 257 | ||
258 | // blacklist files or directories by mounting empty files on top of them | 258 | // blacklist files or directories by mounting empty files on top of them |
259 | void fs_blacklist(void) { | 259 | void fs_blacklist(void) { |
260 | char *homedir = cfg.homedir; | ||
261 | assert(homedir); | ||
262 | ProfileEntry *entry = cfg.profile; | 260 | ProfileEntry *entry = cfg.profile; |
263 | if (!entry) | 261 | if (!entry) |
264 | return; | 262 | return; |
@@ -335,7 +333,7 @@ void fs_blacklist(void) { | |||
335 | enames = calloc(2, sizeof(char *)); | 333 | enames = calloc(2, sizeof(char *)); |
336 | if (!enames) | 334 | if (!enames) |
337 | errExit("calloc"); | 335 | errExit("calloc"); |
338 | enames[0] = expand_home(entry->data + 12, homedir); | 336 | enames[0] = expand_macros(entry->data + 12); |
339 | assert(enames[1] == 0); | 337 | assert(enames[1] == 0); |
340 | } | 338 | } |
341 | 339 | ||
@@ -401,7 +399,7 @@ void fs_blacklist(void) { | |||
401 | } | 399 | } |
402 | 400 | ||
403 | // replace home macro in blacklist array | 401 | // replace home macro in blacklist array |
404 | char *new_name = expand_home(ptr, homedir); | 402 | char *new_name = expand_macros(ptr); |
405 | ptr = new_name; | 403 | ptr = new_name; |
406 | 404 | ||
407 | // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories | 405 | // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 42c67452c..47261d7c1 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -355,7 +355,7 @@ void fs_check_private_dir(void) { | |||
355 | invalid_filename(cfg.home_private, 0); // no globbing | 355 | invalid_filename(cfg.home_private, 0); // no globbing |
356 | 356 | ||
357 | // Expand the home directory | 357 | // Expand the home directory |
358 | char *tmp = expand_home(cfg.home_private, cfg.homedir); | 358 | char *tmp = expand_macros(cfg.home_private); |
359 | cfg.home_private = realpath(tmp, NULL); | 359 | cfg.home_private = realpath(tmp, NULL); |
360 | free(tmp); | 360 | free(tmp); |
361 | 361 | ||
@@ -378,7 +378,7 @@ static char *check_dir_or_file(const char *name) { | |||
378 | printf("Private home: checking %s\n", name); | 378 | printf("Private home: checking %s\n", name); |
379 | 379 | ||
380 | // expand home directory | 380 | // expand home directory |
381 | char *fname = expand_home(name, cfg.homedir); | 381 | char *fname = expand_macros(name); |
382 | assert(fname); | 382 | assert(fname); |
383 | 383 | ||
384 | // If it doesn't start with '/', it must be relative to homedir | 384 | // If it doesn't start with '/', it must be relative to homedir |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 1884f6597..1fbb073f4 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -189,7 +189,7 @@ void fs_resolvconf(void) { | |||
189 | char *fs_check_hosts_file(const char *fname) { | 189 | char *fs_check_hosts_file(const char *fname) { |
190 | assert(fname); | 190 | assert(fname); |
191 | invalid_filename(fname, 0); // no globbing | 191 | invalid_filename(fname, 0); // no globbing |
192 | char *rv = expand_home(fname, cfg.homedir); | 192 | char *rv = expand_macros(fname); |
193 | 193 | ||
194 | // no a link | 194 | // no a link |
195 | if (is_link(rv)) | 195 | if (is_link(rv)) |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index b66068a95..913f7502d 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -60,7 +60,7 @@ void fs_mkdir(const char *name) { | |||
60 | 60 | ||
61 | // check directory name | 61 | // check directory name |
62 | invalid_filename(name, 0); // no globbing | 62 | invalid_filename(name, 0); // no globbing |
63 | char *expanded = expand_home(name, cfg.homedir); | 63 | char *expanded = expand_macros(name); |
64 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && | 64 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
65 | strncmp(expanded, "/tmp", 4) != 0) { | 65 | strncmp(expanded, "/tmp", 4) != 0) { |
66 | fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); | 66 | fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); |
@@ -100,7 +100,7 @@ void fs_mkfile(const char *name) { | |||
100 | 100 | ||
101 | // check file name | 101 | // check file name |
102 | invalid_filename(name, 0); // no globbing | 102 | invalid_filename(name, 0); // no globbing |
103 | char *expanded = expand_home(name, cfg.homedir); | 103 | char *expanded = expand_macros(name); |
104 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && | 104 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
105 | strncmp(expanded, "/tmp", 4) != 0) { | 105 | strncmp(expanded, "/tmp", 4) != 0) { |
106 | fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); | 106 | fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 454715a71..8ef948239 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -368,7 +368,7 @@ void fs_whitelist(void) { | |||
368 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | 368 | char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; |
369 | 369 | ||
370 | // replace ~/ or ${HOME} into /home/username or resolve macro | 370 | // replace ~/ or ${HOME} into /home/username or resolve macro |
371 | new_name = expand_home(dataptr, cfg.homedir); | 371 | new_name = expand_macros(dataptr); |
372 | assert(new_name); | 372 | assert(new_name); |
373 | 373 | ||
374 | // mount empty home directory if resolving the macro was not successful | 374 | // mount empty home directory if resolving the macro was not successful |
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 4bf3d3589..59b5db3d8 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
@@ -192,9 +192,8 @@ char *resolve_macro(const char *name) { | |||
192 | // directory (supplied). | 192 | // directory (supplied). |
193 | // The return value is allocated using malloc and must be freed by the caller. | 193 | // The return value is allocated using malloc and must be freed by the caller. |
194 | // The function returns NULL if there are any errors. | 194 | // The function returns NULL if there are any errors. |
195 | char *expand_home(const char *path, const char *homedir) { | 195 | char *expand_macros(const char *path) { |
196 | assert(path); | 196 | assert(path); |
197 | assert(homedir); | ||
198 | 197 | ||
199 | int called_as_root = 0; | 198 | int called_as_root = 0; |
200 | 199 | ||
@@ -210,14 +209,14 @@ char *expand_home(const char *path, const char *homedir) { | |||
210 | // Replace home macro | 209 | // Replace home macro |
211 | char *new_name = NULL; | 210 | char *new_name = NULL; |
212 | if (strncmp(path, "${HOME}", 7) == 0) { | 211 | if (strncmp(path, "${HOME}", 7) == 0) { |
213 | if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) | 212 | if (asprintf(&new_name, "%s%s", cfg.homedir, path + 7) == -1) |
214 | errExit("asprintf"); | 213 | errExit("asprintf"); |
215 | if(called_as_root) | 214 | if(called_as_root) |
216 | EUID_ROOT(); | 215 | EUID_ROOT(); |
217 | return new_name; | 216 | return new_name; |
218 | } | 217 | } |
219 | else if (*path == '~') { | 218 | else if (*path == '~') { |
220 | if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) | 219 | if (asprintf(&new_name, "%s%s", cfg.homedir, path + 1) == -1) |
221 | errExit("asprintf"); | 220 | errExit("asprintf"); |
222 | if(called_as_root) | 221 | if(called_as_root) |
223 | EUID_ROOT(); | 222 | EUID_ROOT(); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 315a7260a..680ce5800 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -868,6 +868,7 @@ int main(int argc, char **argv) { | |||
868 | 868 | ||
869 | // check if the user is allowed to use firejail | 869 | // check if the user is allowed to use firejail |
870 | init_cfg(argc, argv); | 870 | init_cfg(argc, argv); |
871 | assert(cfg.homedir); | ||
871 | 872 | ||
872 | // get starting timestamp, process --quiet | 873 | // get starting timestamp, process --quiet |
873 | start_timestamp = getticks(); | 874 | start_timestamp = getticks(); |
@@ -1480,12 +1481,37 @@ int main(int argc, char **argv) { | |||
1480 | exit(1); | 1481 | exit(1); |
1481 | } | 1482 | } |
1482 | 1483 | ||
1483 | char *ppath = expand_home(argv[i] + 10, cfg.homedir); | 1484 | char *ppath = expand_macros(argv[i] + 10); |
1484 | if (!ppath) | 1485 | if (!ppath) |
1485 | errExit("strdup"); | 1486 | errExit("strdup"); |
1486 | 1487 | ||
1487 | profile_read(ppath); | 1488 | if (access(ppath, R_OK)) { |
1488 | custom_profile = 1; | 1489 | char *ptr = ppath; |
1490 | while (*ptr != '/' && *ptr != '.' && *ptr != '\0') | ||
1491 | ptr++; | ||
1492 | // profile path contains no / or . chars, | ||
1493 | // assume its a profile name | ||
1494 | if (*ptr != '\0') { | ||
1495 | fprintf(stderr, "Error: inaccessible profile file: %s\n", ppath); | ||
1496 | exit(1); | ||
1497 | } | ||
1498 | |||
1499 | // profile was not read in previously, try to see if | ||
1500 | // we were given a profile name. | ||
1501 | if (!profile_find_firejail(ppath, 1)) { | ||
1502 | // do not fall through to default profile, | ||
1503 | // because the user should be notified that | ||
1504 | // given profile arg could not be used. | ||
1505 | fprintf(stderr, "Error: no profile with name \"%s\" found.\n", ppath); | ||
1506 | exit(1); | ||
1507 | } | ||
1508 | else | ||
1509 | custom_profile = 1; | ||
1510 | } | ||
1511 | else { | ||
1512 | profile_read(ppath); | ||
1513 | custom_profile = 1; | ||
1514 | } | ||
1489 | free(ppath); | 1515 | free(ppath); |
1490 | } | 1516 | } |
1491 | else if (strcmp(argv[i], "--noprofile") == 0) { | 1517 | else if (strcmp(argv[i], "--noprofile") == 0) { |
@@ -2326,21 +2352,8 @@ int main(int argc, char **argv) { | |||
2326 | 2352 | ||
2327 | 2353 | ||
2328 | // load the profile | 2354 | // load the profile |
2329 | if (!arg_noprofile) { | 2355 | if (!arg_noprofile && !custom_profile) { |
2330 | if (!custom_profile) { | 2356 | custom_profile = profile_find_firejail(cfg.command_name, 1); |
2331 | // look for a profile in ~/.config/firejail directory | ||
2332 | char *usercfgdir; | ||
2333 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
2334 | errExit("asprintf"); | ||
2335 | int rv = profile_find(cfg.command_name, usercfgdir); | ||
2336 | free(usercfgdir); | ||
2337 | custom_profile = rv; | ||
2338 | } | ||
2339 | if (!custom_profile) { | ||
2340 | // look for a user profile in /etc/firejail directory | ||
2341 | int rv = profile_find(cfg.command_name, SYSCONFDIR); | ||
2342 | custom_profile = rv; | ||
2343 | } | ||
2344 | } | 2357 | } |
2345 | 2358 | ||
2346 | // use default.profile as the default | 2359 | // use default.profile as the default |
@@ -2351,16 +2364,7 @@ int main(int argc, char **argv) { | |||
2351 | if (arg_debug) | 2364 | if (arg_debug) |
2352 | printf("Attempting to find %s.profile...\n", profile_name); | 2365 | printf("Attempting to find %s.profile...\n", profile_name); |
2353 | 2366 | ||
2354 | // look for the profile in ~/.config/firejail directory | 2367 | custom_profile = profile_find_firejail(profile_name, 1); |
2355 | char *usercfgdir; | ||
2356 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
2357 | errExit("asprintf"); | ||
2358 | custom_profile = profile_find(profile_name, usercfgdir); | ||
2359 | free(usercfgdir); | ||
2360 | |||
2361 | if (!custom_profile) | ||
2362 | // look for the profile in /etc/firejail directory | ||
2363 | custom_profile = profile_find(profile_name, SYSCONFDIR); | ||
2364 | 2368 | ||
2365 | if (!custom_profile) { | 2369 | if (!custom_profile) { |
2366 | fprintf(stderr, "Error: no default.profile installed\n"); | 2370 | fprintf(stderr, "Error: no default.profile installed\n"); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index db58d2e0b..c7c8fd9fa 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -25,26 +25,29 @@ extern char *xephyr_screen; | |||
25 | #define MAX_READ 8192 // line buffer for profile files | 25 | #define MAX_READ 8192 // line buffer for profile files |
26 | 26 | ||
27 | // find and read the profile specified by name from dir directory | 27 | // find and read the profile specified by name from dir directory |
28 | int profile_find(const char *name, const char *dir) { | 28 | int profile_find(const char *name, const char *dir, int add_ext) { |
29 | EUID_ASSERT(); | 29 | EUID_ASSERT(); |
30 | assert(name); | 30 | assert(name); |
31 | assert(dir); | 31 | assert(dir); |
32 | 32 | ||
33 | int rv = 0; | 33 | int rv = 0; |
34 | DIR *dp; | 34 | DIR *dp; |
35 | char *pname; | 35 | char *pname = NULL; |
36 | if (asprintf(&pname, "%s.profile", name) == -1) | 36 | if (add_ext) |
37 | errExit("asprintf"); | 37 | if (asprintf(&pname, "%s.profile", name) == -1) |
38 | errExit("asprintf"); | ||
39 | else | ||
40 | name = pname; | ||
38 | 41 | ||
39 | dp = opendir (dir); | 42 | dp = opendir (dir); |
40 | if (dp != NULL) { | 43 | if (dp != NULL) { |
41 | struct dirent *ep; | 44 | struct dirent *ep; |
42 | while ((ep = readdir(dp)) != NULL) { | 45 | while ((ep = readdir(dp)) != NULL) { |
43 | if (strcmp(ep->d_name, pname) == 0) { | 46 | if (strcmp(ep->d_name, name) == 0) { |
44 | if (arg_debug) | 47 | if (arg_debug) |
45 | printf("Found %s profile in %s directory\n", name, dir); | 48 | printf("Found %s profile in %s directory\n", name, dir); |
46 | char *etcpname; | 49 | char *etcpname; |
47 | if (asprintf(&etcpname, "%s/%s", dir, pname) == -1) | 50 | if (asprintf(&etcpname, "%s/%s", dir, name) == -1) |
48 | errExit("asprintf"); | 51 | errExit("asprintf"); |
49 | profile_read(etcpname); | 52 | profile_read(etcpname); |
50 | free(etcpname); | 53 | free(etcpname); |
@@ -55,10 +58,26 @@ int profile_find(const char *name, const char *dir) { | |||
55 | (void) closedir (dp); | 58 | (void) closedir (dp); |
56 | } | 59 | } |
57 | 60 | ||
58 | free(pname); | 61 | if (pname) |
62 | free(pname); | ||
59 | return rv; | 63 | return rv; |
60 | } | 64 | } |
61 | 65 | ||
66 | // search and read the profile specified by name from firejail directories | ||
67 | int profile_find_firejail(const char *name, int add_ext) { | ||
68 | // look for a profile in ~/.config/firejail directory | ||
69 | char *usercfgdir; | ||
70 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
71 | errExit("asprintf"); | ||
72 | int rv = profile_find(name, usercfgdir, add_ext); | ||
73 | free(usercfgdir); | ||
74 | |||
75 | if (!rv) | ||
76 | // look for a user profile in /etc/firejail directory | ||
77 | rv = profile_find(name, SYSCONFDIR, add_ext); | ||
78 | |||
79 | return rv; | ||
80 | } | ||
62 | 81 | ||
63 | //*************************************************** | 82 | //*************************************************** |
64 | // run-time profiles | 83 | // run-time profiles |
@@ -113,12 +132,99 @@ void profile_add_ignore(const char *str) { | |||
113 | } | 132 | } |
114 | 133 | ||
115 | 134 | ||
135 | int profile_check_conditional(char *ptr, int lineno, const char *fname) { | ||
136 | struct cond_t { | ||
137 | char *name; // conditional name | ||
138 | size_t len; // length of name | ||
139 | bool value; // true if set | ||
140 | } conditionals[] = { | ||
141 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, | ||
142 | NULL | ||
143 | }, *cond = conditionals; | ||
144 | char *tmp = ptr, *msg = NULL; | ||
145 | |||
146 | if (*ptr++ != '?') | ||
147 | return 1; | ||
148 | |||
149 | while (cond->name) { | ||
150 | // continue if not this conditional | ||
151 | if (strncmp(ptr, cond->name, cond->len) != 0) { | ||
152 | cond++; | ||
153 | continue; | ||
154 | } | ||
155 | ptr += cond->len; | ||
156 | |||
157 | if (*ptr == ' ') | ||
158 | ptr++; | ||
159 | if (*ptr++ != ':') { | ||
160 | msg = "invalid syntax: colon must come after conditional"; | ||
161 | ptr = tmp; | ||
162 | goto error; | ||
163 | } | ||
164 | if (*ptr == '\0') { | ||
165 | msg = "invalid conditional line: no profile line after conditional"; | ||
166 | ptr = tmp; | ||
167 | goto error; | ||
168 | } | ||
169 | if (*ptr == ' ') | ||
170 | ptr++; | ||
171 | |||
172 | // if set, continue processing statement in caller | ||
173 | if (cond->value) { | ||
174 | // move ptr to start of profile line | ||
175 | ptr = strdup(ptr); | ||
176 | if (!ptr) | ||
177 | errExit("strdup"); | ||
178 | |||
179 | // check that the profile line does not contain either | ||
180 | // quiet or include directives | ||
181 | if ((strncmp(ptr, "quiet", 5) == 0) || | ||
182 | (strncmp(ptr, "include", 7) == 0)) { | ||
183 | msg = "invalid profile line: quiet and include not allowed in conditionals"; | ||
184 | ptr = tmp; | ||
185 | goto error; | ||
186 | } | ||
187 | free(tmp); | ||
188 | |||
189 | // verify syntax, exit in case of error | ||
190 | if (profile_check_line(ptr, lineno, fname)) | ||
191 | profile_add(ptr); | ||
192 | } | ||
193 | // tell caller to ignore | ||
194 | return 0; | ||
195 | } | ||
196 | |||
197 | tmp = ptr; | ||
198 | // get the conditional used | ||
199 | while (*tmp != ':' && *tmp != '\0') | ||
200 | tmp++; | ||
201 | *tmp = '\0'; | ||
202 | |||
203 | // this was a '?' prefix, but didn't match any of the conditionals | ||
204 | msg = "invalid/unsupported conditional"; | ||
205 | |||
206 | error: | ||
207 | fprintf(stderr, "Error: %s (\"%s\"", msg, ptr); | ||
208 | if (lineno == 0) ; | ||
209 | else if (fname != NULL) | ||
210 | fprintf(stderr, " on line %d in %s", lineno, fname); | ||
211 | else | ||
212 | fprintf(stderr, " on line %d in the custom profile", lineno); | ||
213 | fprintf(stderr, ")\n"); | ||
214 | exit(1); | ||
215 | } | ||
216 | |||
217 | |||
116 | // check profile line; if line == 0, this was generated from a command line option | 218 | // check profile line; if line == 0, this was generated from a command line option |
117 | // return 1 if the command is to be added to the linked list of profile commands | 219 | // return 1 if the command is to be added to the linked list of profile commands |
118 | // return 0 if the command was already executed inside the function | 220 | // return 0 if the command was already executed inside the function |
119 | int profile_check_line(char *ptr, int lineno, const char *fname) { | 221 | int profile_check_line(char *ptr, int lineno, const char *fname) { |
120 | EUID_ASSERT(); | 222 | EUID_ASSERT(); |
121 | 223 | ||
224 | // check and process conditional profile lines | ||
225 | if (profile_check_conditional(ptr, lineno, fname) == 0) | ||
226 | return 0; | ||
227 | |||
122 | // check ignore list | 228 | // check ignore list |
123 | if (is_in_ignore_list(ptr)) | 229 | if (is_in_ignore_list(ptr)) |
124 | return 0; | 230 | return 0; |
@@ -1261,7 +1367,7 @@ void profile_read(const char *fname) { | |||
1261 | if (ptr && strlen(ptr) == 6) | 1367 | if (ptr && strlen(ptr) == 6) |
1262 | return; | 1368 | return; |
1263 | 1369 | ||
1264 | fprintf(stderr, "Error: cannot access profile file\n"); | 1370 | fprintf(stderr, "Error: cannot access profile file: %s\n", fname); |
1265 | exit(1); | 1371 | exit(1); |
1266 | } | 1372 | } |
1267 | 1373 | ||
@@ -1323,17 +1429,22 @@ void profile_read(const char *fname) { | |||
1323 | if (strncmp(ptr, "include ", 8) == 0) { | 1429 | if (strncmp(ptr, "include ", 8) == 0) { |
1324 | include_level++; | 1430 | include_level++; |
1325 | 1431 | ||
1326 | // extract profile filename and new skip params | 1432 | // expand macros in front of the include profile file |
1327 | char *newprofile = ptr + 8; // profile name | 1433 | char *newprofile = expand_macros(ptr + 8); |
1328 | 1434 | ||
1329 | // expand ${HOME}/ in front of the new profile file | 1435 | char *ptr2 = newprofile; |
1330 | char *newprofile2 = expand_home(newprofile, cfg.homedir); | 1436 | while (*ptr2 != '/' && *ptr2 != '\0') |
1437 | ptr2++; | ||
1438 | // profile path contains no / chars, do a search | ||
1439 | if (*ptr2 == '\0') { | ||
1440 | profile_find_firejail(newprofile, 0); | ||
1441 | } | ||
1442 | else { | ||
1443 | profile_read(newprofile); | ||
1444 | } | ||
1331 | 1445 | ||
1332 | // recursivity | ||
1333 | profile_read((newprofile2)? newprofile2:newprofile); | ||
1334 | include_level--; | 1446 | include_level--; |
1335 | if (newprofile2) | 1447 | free(newprofile); |
1336 | free(newprofile2); | ||
1337 | free(ptr); | 1448 | free(ptr); |
1338 | continue; | 1449 | continue; |
1339 | } | 1450 | } |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index f54e6f744..b8f8b4f2f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -164,7 +164,7 @@ static char *usage_str = | |||
164 | " --private-tmp - mount a tmpfs on top of /tmp directory.\n" | 164 | " --private-tmp - mount a tmpfs on top of /tmp directory.\n" |
165 | " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n" | 165 | " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n" |
166 | " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n" | 166 | " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n" |
167 | " --profile=filename - use a custom profile.\n" | 167 | " --profile=filename|profile_name - use a custom profile.\n" |
168 | " --profile.print=name|pid - print the name of profile file.\n" | 168 | " --profile.print=name|pid - print the name of profile file.\n" |
169 | " --profile-path=directory - use this directory to look for profile files.\n" | 169 | " --profile-path=directory - use this directory to look for profile files.\n" |
170 | " --protocol=protocol,protocol,protocol - enable protocol filter.\n" | 170 | " --protocol=protocol,protocol,protocol - enable protocol filter.\n" |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 17562c503..e26b5f989 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -5,12 +5,14 @@ profile \- Security profile file syntax for Firejail | |||
5 | .SH USAGE | 5 | .SH USAGE |
6 | .TP | 6 | .TP |
7 | firejail \-\-profile=filename.profile | 7 | firejail \-\-profile=filename.profile |
8 | .RE | ||
9 | firejail \-\-profile=profile_name | ||
8 | 10 | ||
9 | .SH DESCRIPTION | 11 | .SH DESCRIPTION |
10 | Several command line options can be passed to the program using | 12 | Several command line options can be passed to the program using |
11 | profile files. Firejail chooses the profile file as follows: | 13 | profile files. Firejail chooses the profile file as follows: |
12 | 14 | ||
13 | \fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. | 15 | \fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. |
14 | Example: | 16 | Example: |
15 | .PP | 17 | .PP |
16 | .RS | 18 | .RS |
@@ -21,6 +23,15 @@ Reading profile /home/netblue/icecat.profile | |||
21 | [...] | 23 | [...] |
22 | .RE | 24 | .RE |
23 | 25 | ||
26 | .PP | ||
27 | .RS | ||
28 | $ firejail --profile=icecat icecat-wrapper.sh | ||
29 | .br | ||
30 | Reading profile /etc/firejail/icecat.profile | ||
31 | .br | ||
32 | [...] | ||
33 | .RE | ||
34 | |||
24 | \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or | 35 | \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or |
25 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: | 36 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: |
26 | .PP | 37 | .PP |
@@ -76,6 +87,18 @@ Example: "blacklist ~/My Virtual Machines" | |||
76 | \fB# this is a comment | 87 | \fB# this is a comment |
77 | 88 | ||
78 | .TP | 89 | .TP |
90 | \fB?CONDITIONAL: profile line | ||
91 | Conditionally add profile line. | ||
92 | |||
93 | Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" | ||
94 | |||
95 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. | ||
96 | |||
97 | Currently the only conditional supported is HAS_APPIMAGE. | ||
98 | |||
99 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. | ||
100 | |||
101 | .TP | ||
79 | \fBinclude other.profile | 102 | \fBinclude other.profile |
80 | Include other.profile file. | 103 | Include other.profile file. |
81 | 104 | ||
@@ -90,6 +113,10 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" | |||
90 | 113 | ||
91 | Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. | 114 | Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. |
92 | 115 | ||
116 | The file name may also be just the name without the leading directory components. In this case, first the user config directory (${HOME}/.config/firejail) is searched for the file name and if not found then the system configuration directory is search for the file name. Note: Unlike the \-\-profile option which takes a profile name without the '.profile' suffix, include must be given the full file name. | ||
117 | |||
118 | Example: "include firefox.profile" will load "${HOME}/.config/firejail/firefox.profile" file and if it does not exist "${CFG}/firefox.profile" will be loaded. | ||
119 | |||
93 | System configuration files in ${CFG} are overwritten during software installation. | 120 | System configuration files in ${CFG} are overwritten during software installation. |
94 | Persistent configuration at system level is handled in ".local" files. For every | 121 | Persistent configuration at system level is handled in ".local" files. For every |
95 | profile file in ${CFG} directory, the user can create a corresponding .local file | 122 | profile file in ${CFG} directory, the user can create a corresponding .local file |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7427b1009..f7d18536d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -395,7 +395,7 @@ $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox | |||
395 | 395 | ||
396 | .TP | 396 | .TP |
397 | \fB\-\-disable-mnt | 397 | \fB\-\-disable-mnt |
398 | Disable /mnt, /media, /run/mount and /run/media access. | 398 | Blacklist /mnt, /media, /run/mount and /run/media access. |
399 | .br | 399 | .br |
400 | 400 | ||
401 | .br | 401 | .br |
@@ -1531,7 +1531,7 @@ drwxrwxrwt 2 nobody nogroup 4096 Apr 30 10:52 .X11-unix | |||
1531 | 1531 | ||
1532 | 1532 | ||
1533 | .TP | 1533 | .TP |
1534 | \fB\-\-profile=filename | 1534 | \fB\-\-profile=filename_or_profilename |
1535 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. | 1535 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. |
1536 | For more information, see \fBSECURITY PROFILES\fR section below. | 1536 | For more information, see \fBSECURITY PROFILES\fR section below. |
1537 | .br | 1537 | .br |
@@ -1681,12 +1681,12 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default). | |||
1681 | _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, | 1681 | _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, |
1682 | create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, | 1682 | create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, |
1683 | io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, | 1683 | io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, |
1684 | kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx, | 1684 | kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx, |
1685 | name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, | 1685 | name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, |
1686 | personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg, | 1686 | personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg, |
1687 | query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, | 1687 | query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, |
1688 | security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot, | 1688 | security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot, |
1689 | swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup, | 1689 | swapoff, swapon, switch_endian, sys_debug_setcontext, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup, |
1690 | vm86, vm86old, vmsplice and vserver. | 1690 | vm86, vm86old, vmsplice and vserver. |
1691 | 1691 | ||
1692 | .br | 1692 | .br |
@@ -2701,7 +2701,7 @@ The owner of the sandbox. | |||
2701 | Several command line options can be passed to the program using | 2701 | Several command line options can be passed to the program using |
2702 | profile files. Firejail chooses the profile file as follows: | 2702 | profile files. Firejail chooses the profile file as follows: |
2703 | 2703 | ||
2704 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. | 2704 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. |
2705 | Example: | 2705 | Example: |
2706 | .PP | 2706 | .PP |
2707 | .RS | 2707 | .RS |
@@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile | |||
2712 | [...] | 2712 | [...] |
2713 | .RE | 2713 | .RE |
2714 | 2714 | ||
2715 | .PP | ||
2716 | .RS | ||
2717 | $ firejail --profile=icecat icecat-wrapper.sh | ||
2718 | .br | ||
2719 | Reading profile /etc/firejail/icecat.profile | ||
2720 | .br | ||
2721 | [...] | ||
2722 | .RE | ||
2723 | |||
2715 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or | 2724 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or |
2716 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: | 2725 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: |
2717 | .PP | 2726 | .PP |