-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | etc/audacious.profile | 8 | ||||
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/disable-passwdmgr.inc | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/gwenview.profile | 6 | ||||
-rw-r--r-- | etc/scribus.profile | 6 | ||||
-rw-r--r-- | etc/thunderbird.profile | 4 |
8 files changed, 30 insertions, 4 deletions
@@ -208,6 +208,8 @@ iiotx (https://github.com/iiotx) | |||
208 | - use generic.profile by default | 208 | - use generic.profile by default |
209 | Impyy (https://github.com/Impyy) | 209 | Impyy (https://github.com/Impyy) |
210 | - added mumble profile | 210 | - added mumble profile |
211 | irregulator (https://github.com/irregulator) | ||
212 | - thunderbird profile fixes for debian stretch | ||
211 | Ivan Kozik (https://github.com/ivan) | 213 | Ivan Kozik (https://github.com/ivan) |
212 | - speed up sandbox exit | 214 | - speed up sandbox exit |
213 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 215 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
@@ -352,6 +354,7 @@ SYN-cook (https://github.com/SYN-cook) | |||
352 | - Scribus profile | 354 | - Scribus profile |
353 | - autostart blacklist for KDE | 355 | - autostart blacklist for KDE |
354 | - blacklist startup scripts | 356 | - blacklist startup scripts |
357 | - various profile updates | ||
355 | startx2017 (https://github.com/startx2017) | 358 | startx2017 (https://github.com/startx2017) |
356 | - syscall list update | 359 | - syscall list update |
357 | - enable/disable join support in /etc/firejail/firejail.config | 360 | - enable/disable join support in /etc/firejail/firejail.config |
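--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -4,13 +4,21 @@ include /etc/firejail/audacious.local
 
 # Audacious media player profile
 noblacklist ~/.config/audacious
+noblacklist ~/.config/Audaciousrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+
+private-bin audacious
+private-dev
+private-tmp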
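Review bot: The added `netfilter` line has no effect as the profile stands, because firejail applies its default filter only when the sandbox gets its own network namespace and nothing visible in this hunk requests one. A comment above it would keep readers from assuming the player's traffic is filtered, for example `# netfilter only applies when a network namespace is requested (e.g. --net=<interface>)`. The profile may continue past the end of the hunk, so a `net` line outside the visible range would change this.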
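--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -165,6 +165,7 @@ blacklist ${HOME}/*.key
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.mutt/muttrc
 blacklist ${HOME}/.msmtprc
+blacklist ${HOME}/.pki
 blacklist /etc/shadow
 blacklist /etc/gshadow
 blacklist /etc/passwd-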
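Review bot: Moving `blacklist ${HOME}/.pki` into disable-common.inc hides the directory, including the `nssdb` store named in the line removed from disable-passwdmgr.inc, from every profile that includes this file, not only from those that pulled in the two other lists. None of the profiles touched in this commit adds `noblacklist ~/.pki`, so any application that reads certificates from there would need one; whether existing profiles already carry it cannot be seen from this page. A comment on the new line, such as `# NSS certificate store; profiles that need it must noblacklist ~/.pki`, would make that dependency visible.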
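--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,7 +2,6 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
 
-blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.keepass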
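--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/Atom
+blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
@@ -72,6 +73,7 @@ blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}./config/gpicview
 blacklist ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
 blacklist ${HOME}/.config/jd-gui.cfg
@@ -89,6 +91,7 @@ blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
+blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+
@@ -225,12 +228,12 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
-blacklist ${HOME}/.pki
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.retroshare
 blacklist ${HOME}/.scribus
+blacklist ${HOME}/.scribusrc
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.steampath
 blacklist ${HOME}/.steampid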
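Review bot: The new `blacklist ${HOME}/.scribusrc` in the last hunk does not match the `noblacklist ~/.config/scribusrc` that this commit adds to scribus.profile, so one of the two paths is presumably wrong. As written, this entry does not blacklist `~/.config/scribusrc` and the profile's exception has nothing to lift. If the file lives under `~/.config`, the line should read `blacklist ${HOME}/.config/scribusrc`. The context line `blacklist ${HOME}./config/gpicview` in the second hunk also has the slash and dot transposed and should be `blacklist ${HOME}/.config/gpicview`; this commit leaves it unchanged.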
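--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,6 +5,8 @@ include /etc/firejail/gwenview.local
 # KDE gwenview profile
 noblacklist ~/.kde/share/apps/gwenview
 noblacklist ~/.kde/share/config/gwenviewrc
+noblacklist ~/.config/gwenviewrc
+noblacklist ~/.config/org.kde.gwenviewrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -16,11 +18,11 @@ nonewprivs
 noroot
 protocol unix
 seccomp
-nosound
+tracelog
 
 private-dev
 
-#Experimental:
+# Experimental:
 #shell none
 #private-bin gwenview
 #private-etc X11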
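Review bot: The second hunk replaces `nosound` with `tracelog` instead of adding `tracelog` next to it, so the image viewer regains sound access that the old profile withheld, and nothing in the commit says why. If the removal is deliberate, a comment stating the reason belongs where `nosound` used to be. If it is not, keep both lines, `nosound` followed by `tracelog`. The profile continues outside both hunks, so other restrictions are not visible here.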
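--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -5,9 +5,15 @@ include /etc/firejail/scribus.local
 # Firejail profile for Scribus
 noblacklist ~/.scribus
 noblacklist ~/.config/scribus
+noblacklist ~/.config/scribusrc
 noblacklist ~/.local/share/scribus
 noblacklist ~/.gimp*
 
+# Support for PDF readers (Scribus 1.5 and higher)
+noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.kde/share/config/okularrc
+noblacklist ~/.kde/share/config/okularpartrc
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc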
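Review bot: The three okular `noblacklist` lines cover only the `~/.kde/share` locations, while the gwenview profile in this same commit adds `~/.config` variants next to its `~/.kde` ones. If okular keeps its settings under `~/.config` on the target system and that path is blacklisted, the PDF-reader support would presumably not work there; that depends on parts of disable-programs.inc not shown on this page. The entries also let Scribus modify another application's settings, so if reading is all it needs, a `read-only ~/.kde/share/config/okularrc` line after the includes would keep the widening small.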
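--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -14,6 +14,10 @@ noblacklist ~/.thunderbird
 mkdir ~/.thunderbird
 whitelist ~/.thunderbird
 
+noblacklist ~/.icedove
+mkdir ~/.icedove
+whitelist ~/.icedove
+
 # allow browsers
 ignore private-tmp
 include /etc/firejail/firefox.profile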
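Review bot: The added `mkdir ~/.icedove` runs for every user of this profile, so a system that only has Thunderbird gets an empty `~/.icedove` created and whitelisted, and the block carries no comment saying why it exists. The README entry ties the change to Debian stretch, so a line such as `# Debian stretch: profile directory may still be ~/.icedove` above the block would explain it. The profile starts before this hunk, so whether other Thunderbird paths handled there need an icedove counterpart cannot be judged from here.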