-rw-r--r-- | etc/inc/disable-programs.inc | 9 | ||||
-rw-r--r-- | etc/profile-m-z/man.profile | 66 | ||||
-rw-r--r-- | etc/profile-m-z/pidgin.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/psi.profile | 78 | ||||
-rw-r--r-- | etc/profile-m-z/smuxi-frontend-gnome.profile | 55 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 |
6 files changed, 213 insertions, 0 deletions
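--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -285,6 +285,7 @@ blacklist ${HOME}/.config/liferea
 blacklist ${HOME}/.config/lugaru
 blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mailtransports
+blacklist ${HOME}/.local/share/man
 blacklist ${HOME}/.config/mana
 blacklist ${HOME}/.config/mate-calc
 blacklist ${HOME}/.config/mate/eom
@@ -337,6 +338,7 @@ blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/ppsspp
 blacklist ${HOME}/.config/pragha
 blacklist ${HOME}/.config/profanity
+blacklist ${HOME}/.config/psi
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
@@ -356,6 +358,7 @@ blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
+blacklist ${HOME}/.config/smuxi
 blacklist ${HOME}/.config/snox
 blacklist ${HOME}/.config/sound-juicer
 blacklist ${HOME}/.config/specialmailcollectionsrc
@@ -547,6 +550,7 @@ blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/Psi
 blacklist ${HOME}/.local/share/QGIS
 blacklist ${HOME}/.local/share/QMediathekView
 blacklist ${HOME}/.local/share/QuiteRss
@@ -664,6 +668,7 @@ blacklist ${HOME}/.local/share/Paradox Interactive
 blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/plasma_notes
 blacklist ${HOME}/.local/share/profanity
+blacklist ${HOME}/.local/share/psi
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/quadrapassel
 blacklist ${HOME}/.local/share/qpdfview
@@ -673,6 +678,7 @@ blacklist ${HOME}/.local/share/rhythmbox
 blacklist ${HOME}/.local/share/rtv
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/smuxi
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/strawberry
@@ -832,6 +838,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
 blacklist ${HOME}/.cache/Shortwave
@@ -932,12 +939,14 @@ blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/pip
 blacklist ${HOME}/.cache/plasmashell
 blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/psi
 blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qupzilla
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/rhythmbox
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/smuxi
 blacklist ${HOME}/.cache/snox
 blacklist ${HOME}/.cache/spotify
 blacklist ${HOME}/.cache/strawberry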
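Review bot: The new `blacklist ${HOME}/.local/share/man` entry in the first hunk (new line 288) sits among the `${HOME}/.config/` entries, between `.config/mailtransports` and `.config/mana`, whereas every other addition in this file lands in the block for its own directory. Moving it into the `${HOME}/.local/share/` block, in sorted position, keeps the list easy to grep and makes a duplicate or missing entry easier to spot in later reviews. That block's `m…` entries lie outside the visible hunks, so the exact neighbours need checking against the full file.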
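--- /dev/null
+++ b/etc/profile-m-z/man.profile
@@ -0,0 +1,66 @@
+# Firejail profile for man
+# Description: manpage viewer
+quiet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include man.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.local/share/man
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/man
+whitelist ${HOME}/.local/share/man
+whitelist ${HOME}/.manpath
+whitelist /usr/share/groff
+whitelist /usr/share/info
+whitelist /usr/share/lintian
+whitelist /usr/share/locale
+whitelist /usr/share/man
+whitelist /var/cache/man
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+nou2f
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+
+disable-mnt
+private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,
+zcat,zsoelim
+private-cache
+private-dev
+private-etc alternatives,fonts,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute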
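Review bot: The `private-bin` list is split across new lines 56 and 57: line 56 ends with a trailing comma after `xtotroff,` and line 57 holds only `zcat,zsoelim`. As far as I know the profile format has no line continuation, so line 57 would be read as a separate, unknown directive and `zcat` and `zsoelim` would be missing from the private `/bin`. With `quiet` set on line 3, any resulting parse message may also be hidden from the user. Join the two into one line ending `...which,xtotroff,zcat,zsoelim`.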
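--- a/etc/profile-m-z/pidgin.profile
+++ b/etc/profile-m-z/pidgin.profile
@@ -21,6 +21,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc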
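Review bot: The two added whitelists give a network-facing chat client access to the whole downloads and pictures directories, and the hunk shows no matching `noblacklist` lines. The hunk header shows `include disable-xdg.inc` just above; if that include blacklists `${PICTURES}` (presumably it does, to be confirmed), then `whitelist ${PICTURES}` only takes effect with a `noblacklist ${PICTURES}` placed before the disable includes. The top of the profile is outside this hunk, so check that it is present. A one-line comment above the two whitelists stating which feature needs them would also record why the sandbox was widened.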
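--- /dev/null
+++ b/etc/profile-m-z/psi.profile
@@ -0,0 +1,78 @@
+# Firejail profile for psi
+# Description: Native XMPP client with GPG support
+# This file is overwritten after every install/update
+# Persistent local customizations
+include psi.local
+# Persistent global definitions
+include globals.local
+
+# Uncomment for GPG
+# noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/psi
+noblacklist ${HOME}/.cache/Psi
+noblacklist ${HOME}/.config/psi
+noblacklist ${HOME}/.local/share/psi
+noblacklist ${HOME}/.local/share/Psi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+# Uncomment for GPG
+# mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/psi
+mkdir ${HOME}/.cache/Psi
+mkdir ${HOME}/.config/psi
+mkdir ${HOME}/.local/share/psi
+mkdir ${HOME}/.local/share/Psi
+# Uncomment for GPG
+# whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/psi
+whitelist ${HOME}/.cache/Psi
+whitelist ${HOME}/.config/psi
+whitelist ${HOME}/.local/share/psi
+whitelist ${HOME}/.local/share/Psi
+whitelist ${DOWNLOADS}
+# Uncomment for GPG
+# whitelist /usr/share/gnupg
+# whitelist /usr/share/gnupg2
+whitelist /usr/share/psi
+# Uncomment for GPG
+# whitelist ${RUNUSER}/gnupg
+# whitelist ${RUNUSER}/keyring
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+# breaks on Arch
+# tracelog
+
+disable-mnt
+# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
+private-bin getopt,psi
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none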
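Review bot: `seccomp !chroot` on new line 64 removes `chroot` from the default syscall filter without saying why, whereas the disabled `tracelog` two lines below carries its reason (`# breaks on Arch`). An exception to the seccomp filter is the kind of line a later maintainer will want to re-evaluate, so it should carry a comment directly above it, for example `# chroot is allowed because <component that needs it>`. If the exception is needed only by an optional feature, say so, so that users who do not use that feature can restore plain `seccomp` in `psi.local`.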
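--- /dev/null
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -0,0 +1,55 @@
+# Firejail profile for smuxi-frontend-gnome
+# Description: Multi protocol chat client with Twitter support
+# This file is overwritten after every install/update
+# Persistent local customizations
+include smuxi-frontend-gnome.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/smuxi
+noblacklist ${HOME}/.config/smuxi
+noblacklist ${HOME}/.local/share/smuxi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/smuxi
+mkdir ${HOME}/.config/smuxi
+mkdir ${HOME}/.local/share/smuxi
+whitelist ${HOME}/.cache/smuxi
+whitelist ${HOME}/.config/smuxi
+whitelist ${HOME}/.local/share/smuxi
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,mono,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none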
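Review bot: The restriction block at new lines 33–45 omits `novideo`, which the psi profile added in this same commit sets for a comparable chat client. Nothing visible in this profile suggests the frontend needs camera devices, so adding `novideo` after `notv` would bring it in line with psi. If it was left out on purpose, a short comment saying what breaks would keep a later cleanup from re-adding it blindly. Separately, `private-bin` keeps `bash` and `sh` while `shell none` is set; a comment noting that the launcher is a shell wrapper (if that is the reason) would explain why shells stay reachable inside the sandbox.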
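--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -439,6 +439,7 @@ lynx
 lyx
 macrofusion
 magicor
+# man
 manaplus
 masterpdfeditor
 masterpdfeditor4
@@ -591,6 +592,7 @@ pragha
 presentations18
 presentations18free
 profanity
+psi
 psi-plus
 pybitmessage
 # pycharm-community - FB note: may enable later
@@ -654,6 +656,7 @@ slack
 slashem
 smplayer
 smtube
+smuxi-frontend-gnome
 snox
 soffice
 sol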
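Review bot: The `# man` entry at new line 442 is added commented-out with no reason given, unlike `# pycharm-community - FB note: may enable later` further down in the same file. Since man.profile ships in this commit, a trailing note in the same style, for example `# man - <reason it is not enabled by default>`, would tell users whether enabling it by hand is expected to work or is known to break something.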